
openSUSE Leap 16.0 dnsmasq Important DoS Issues Vuln 2026-20748-1

opensuse
May 19, 2026
An update for openSUSE dnsmasq addresses 7 vulnerabilities and provides crucial bug fixes for enhanced security.
An update that solves 7 vulnerabilities and has 11 bug fixes can now be installed.

Description

This update for dnsmasq fixes the following issues:

Security issues:

- CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect (bsc#1258251).

- CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001).

- CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002).

- CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003).

- CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks (bsc#1265004).

- CVE-2026-5172: buffer overflow in dnsmasq's extract_addresses() function (bsc#1265006).

- CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).

Non-security issues:

- aardvark-dns upstream tests make dnsmasq dump core (bsc#1247812).

- Drop rcFOO symlinks for CODE16 (jsc#PED-266.

- libnettle: update to 4.0 breaks dnsmasq and gnutls...


Patch

Package List

- openSUSE Leap 16.0:

dnsmasq-2.92rel2-160000.1.1

dnsmasq-utils-2.92rel2-160000.1.1

References

* bsc#1235517

* bsc#1235834

* bsc#1247812

* bsc#1257934

* bsc#1258251

* bsc#1262487

* bsc#1265001

* bsc#1265002

* bsc#1265003

* bsc#1265004

* bsc#1265006

References:

* https://www.suse.com/security/cve/CVE-2026-2291.html

* https://www.suse.com/security/cve/CVE-2026-4890.html

* https://www.suse.com/security/cve/CVE-2026-4891.html

* https://www.suse.com/security/cve/CVE-2026-4892.html

* https://www.suse.com/security/cve/CVE-2026-4893.html

* https://www.suse.com/security/cve/CVE-2026-5172.html

* https://www.suse.com/security/cve/CVE-2026-6507.html

Severity
important

Announcement ID: openSUSE-SU-2026:20748-1
Rating: important
Affected Products: openSUSE Leap 16.0
