Dnsmasq Vulnerability

Hi,
I use Pi-hole on my RPi and it works perfectly, but I discovered that the DNS server it uses, dnsmasq, is at version 2.76, which has multiple vulnerabilities, including critical ones.

The recommendation is to update it to ver 2.78.

Can I update it manually, or do I need to update the Pi-hole package?

They are fixed with 2.76-5+deb9u1 (the current version in the Debian 9.1 / Raspbian repository), see Debian -- Security Information -- DSA-3989-1 dnsmasq

I see.
So if I am using the most up-to-date version of Raspbian, I am covered, as the vulnerability is fixed at the OS level?

It is fixed at the OS level, and you need to update your OS to the most current. There are two ways to update your Pi:

  • If you have your Pi set up as a server (with no display or keyboard attached), you'll want to run a terminal emulator on your PC (like PuTTY on a PC, or on a Mac, just use the built-in Terminal utility), point it at your Pi's IP address, and log into the console as username "pi". (I use SSH as the protocol. On the Mac the command to connect is "ssh pi@[your Pi's IP address]", after which you'll be prompted for your password to log in.)

Then issue the commands:

  1. sudo apt-get update (this updates the list of files that are in the repository maintained by the Raspbian team)
  2. sudo apt-get upgrade (this downloads the latest versions of all the files that need to be upgraded, and performs the upgrade)

You might get a prompt asking if you want to change a configuration file. Reply "n" (this is the default, and keeps any changes that may have been made along the way in your config files).

  • If you have your Pi set up with a display, keyboard and mouse, you can use Synaptic (one of the GUI system utilities) to update/upgrade.

Upgrades like this are a good habit to get into, every month or so. Even if your Pi is set up as a server and is behind your firewall, it never hurts to keep current.

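One way to confirm the point made in the replies above, as an added example that is not part of the original thread: the upstream number stays at 2.76 after the fix, so the check has to compare the full Debian package revision against 2.76-5+deb9u1. The package names `dnsmasq-base` and `dnsmasq` are an assumption (stock Debian/Raspbian packaging), and the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: compare installed dnsmasq packages with the fixed revision.
# FIXED is the version quoted in the thread (DSA-3989-1, Debian 9 / Raspbian).
FIXED="2.76-5+deb9u1"

# is_fixed VERSION -> exit 0 if VERSION is at or above $FIXED.
# dpkg applies Debian's ordering rules, so "2.76-5+deb9u1" sorts after a
# plain "2.76-5" even though the upstream part (2.76) is unchanged.
is_fixed() {
    dpkg --compare-versions "$1" ge "$FIXED"
}

# installed_version PACKAGE -> prints the version, or nothing if not installed.
installed_version() {
    dpkg-query -W -f='${Status} ${Version}\n' "$1" 2>/dev/null |
        sed -n 's/^install ok installed //p'
}

# Assumption: stock package names. dnsmasq-base carries the binary,
# dnsmasq carries the service files; both are built from the same source.
check_dnsmasq() {
    command -v dpkg-query >/dev/null 2>&1 || { echo "dpkg not found"; return 2; }
    rc=0
    for pkg in dnsmasq-base dnsmasq; do
        ver=$(installed_version "$pkg")
        if [ -z "$ver" ]; then
            echo "$pkg: not installed"
        elif is_fixed "$ver"; then
            echo "$pkg $ver: OK (>= $FIXED)"
        else
            echo "$pkg $ver: OUTDATED, run apt-get update and apt-get upgrade"
            rc=1
        fi
    done
    return $rc
}

check_dnsmasq || true
```

A running dnsmasq keeps the old code in memory until it is restarted, so restart the service or reboot after upgrading.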

Got it.
Thank you
I will update the OS