Package : dnsmasq Version : 2.72-3+deb8u4 Debian Bug : 907887 dnsmasq, a DNS forwarder and DHCP server, ships the DNS Root Zone Key Signing Key (KSK), used as the DNSSEC trust anchor. ICANN will rollover the KSK in 11 October 2018, and DNS resolvers will need the new key (KSK-2017) to continue performing DNSSEC validation. This dnsmasq package update includes the latest key to prevent issues in scenarios where dnsmasq runs with DNSSEC enabled and it is using the trusted anchors file shipped with the package. Please note this is not the default configuration in Debian. For Debian 8 "Jessie", this problem has been fixed in version 2.72-3+deb8u4. We recommend that you upgrade your dnsmasq packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Debian LTS: DLA-1532-1: dnsmasq update
October 4, 2018
dnsmasq, a DNS forwarder and DHCP server, ships the DNS Root Zone Key Signing Key (KSK), used as the DNSSEC trust anchor
Summary
For Debian 8 "Jessie", this problem has been fixed in version
2.72-3+deb8u4.
We recommend that you upgrade your dnsmasq packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Severity
Package :dnsmasq
Version : 2.72-3+deb8u4
Debian Bug : 907887
News
HOWTOs
Features
About Us
Powered By
