How to get the latest dnsmasq version?

I'd like to update to the latest version of dnsmasq (2.83). I used sudo apt update followed by sudo apt upgrade in an attempt to update the software and libraries installed on the machine. I then checked my dnsmasq version with dnsmasq -v however the version is 2.80.

How can I get the latest version? I looked on the dnsmasq website and downloaded what seemed to be the latest release but I can't find the actual dnsmasq binary in the download.

Thanks in advance.

4

3 Answers

Let's lead you through a single CVE, and you can do the rest yourself.

Prerequisite: You didn't say your release of Ubuntu, but we'll assume that it's Ubuntu 20.04 because only 20.04 uses dnsmasq 2.80.

  1. The list of CVEs you provided is

    • CVE-2020-25681
    • CVE-2020-25682
    • CVE-2020-25683
    • CVE-2020-25687
  2. Plug one CVE ("CVE-2020-25687") into

    • Alternately, you can try
  3. Get the result


  • Note the Publish date (Not pictured: 19 January 2021)
  • Note the Priority (Not pictured: Medium). Higher priority CVEs are patched faster. Low-priority CVEs are sometimes not patched, or are irrelevant.
  • And the result: CVE-2020-25687 was patched for 20.04 in the dnsmasq package version 2.80-1.1ubuntu1.2.
  4. As a check, let's look at the changelog for the dnsmasq package

    dnsmasq (2.80-1.1ubuntu1.2) focal-security; urgency=medium

      * SECURITY UPDATE: Multiple security issues
        - CVE-2020-25681: heap overflow in RRSets sorting
        - CVE-2020-25682: buffer overflow in extracting names from DNS packets
        - CVE-2020-25683: heap overflow in DNSSEC validation
        - CVE-2020-25684: cache poisoning issue via address/port
        - CVE-2020-25685: cache poisoning issue via weak hash
        - CVE-2020-25686: birthday attack via incorrect existing requests check
        - CVE-2020-25687: heap overflow in DNSSEC validation
        - CVE-2019-14834: memory leak via DHCP response creation

     -- Marc Deslauriers <>  Fri, 08 Jan 2021 09:59:59 -0500

  5. Let's find out if we're running the patched version.

    • You cannot use dnsmasq -v. Both patched and unpatched will correctly show version 2.80. Patching bumps the version only from 2.80-1.1ubuntu1.1 to 2.80-1.1ubuntu1.2.

    So instead, let's ask dpkg or apt

    you@YourSystem:~$ dpkg -l | grep dnsmasq
    ii dnsmasq 2.80-1.1ubuntu1.2 amd64 Small caching DNS proxy and DHCP/TFTP server
    you@YourSystem:~$ apt list dnsmasq-base
    Listing... Done
    dnsmasq/focal-security,now 2.80-1.1ubuntu1.2 amd64 [installed]

Ubuntu's Unattended Upgrades feature automatically installs security upgrades, so you are, like me, already running the patched version without telling your system to do anything.

Using apt gets you the latest "packaged" version - the version packaged by Ubuntu which may not always be the latest version.

I assume you have Ubuntu 20.04 as 2.80 is the latest packaged version there, but Ubuntu 20.10 comes with 2.82. You can search for packages here.

Looking at the Dnsmasq website it says that the tarball includes the source only, there are no binary releases available. So you will have to build it yourself.

I am sure there are plenty of guides/resources available online covering that subject so I won't attempt to cover that here.

2

If you care about security, then you should know that all recent security fixes are backported to package versions. Installation of manually compiled 2.83 is overkill and unnecessary.

So they have fixes already included - see Changelog for Ubuntu 20.04 LTS and for all versions.

3
