Update to patch DNSmasq vulnerabilities?
-
Given that EdgeOS runs Dnsmasq, I'm assuming the AmpliFi router does as well. If so, can you comment on when a firmware update will drop to address the CVEs that Google announced this week? Particularly the remote execution vulnerabilities:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14493If AmpliFi doesn't run Dnsmasq, can you please confirm that we're not vulnerable?
There does not seem to be a way to disable DNS caching on the router, and there's also not a way to override the resolver addresses that the built-in DHCP server offers. Disabling DHCP and setting up my own, with different resolver addresses, is not something I relish doing.
I've got AmpliFi HD (Hardware ID 16) on firmware 2.4.2, revision 0-gb0fbed8.
-
I doubt you'll get a response they don't seem to answer any technical queries on this forum. Unlike the UniFi forums....