Is there any guidance on if this pile of dnsmasq vulnerabilities affects LXD? I made sure my snap package is fully refreshed, and then checked the version and it’s still reporting 2.79:
root@lxd-server:~# snap refresh lxd
lxd 4.10 from Canonical✓ refreshed
root@lxd-server:~# /snap/lxd/current/bin/dnsmasq --version
/snap/lxd/current/bin/dnsmasq: error while loading shared libraries: libidn.so.11: cannot open shared object file: No such file or directory
root@lxd-server:~# snap run --shell lxd
bash-4.4# dnsmasq --version
Dnsmasq version 2.79 Copyright (c) 2000-2018 Simon Kelley
Is there no update because the configuration used is not vulnerable, or is an update forthcoming?
2.79 is normal, the LXD snap is based on core18 (Ubuntu 18.04) which ships 2.79.
The security fix will be picked up by the next stable snap update. We should have one come out later today or early tomorrow, I’m just looking at what fixes we may want to cherry-pick into LXD at the same time.
(Worth noting that as snap publishers we get e-mail notifications for any package that’s included in the snap and that needs a refresh for a security fix)
If I’ve done it correctly, it looks like the SHA256 checksum of the correct dnsmasq is 4171871eaa8351d609a2fb43056803e4172779541fa10a25b1eeb26ee17fb5ff which should make it fairly trivial to work out which machines need it and which don’t.