This update for dnsmasq fixes the following issues:
Update to 2.93:
- CVE-2026-12725: heap buffer overflow in `log_query()` when logging unsupported DS/DNSKEY replies (bsc#1268764).
Changes for dnsmasq:
* CVE-2026-12725, bsc#1268764: Heap buffer overflow in `log_query()` when logging unsupported DS/DNSKEY replies.
* Fix a corner-case in DNSSEC validation with wildcards.
* Fix DNSSEC failure with spurious RRSIGs.
* Fix DNSSEC failure with CNAME replies to DS queries.
* Fix regression in 2.92 release which broke DHCPv6 when a DHCP relay is in use.
* Modify the inotify implementation so that inotify watches are only created after dnsmasq has changed permissions and userid.
* CVE-2026-2291: Rework storage allocation for domain names.
Patch instructions:
To install this openSUSE security update, use the SUSE-recommended installation methods such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
...
- openSUSE Leap 16.0:
dnsmasq-2.93-160000.1.1
dnsmasq-utils-2.93-160000.1.1
References:
* bsc#1268764
* https://www.suse.com/security/cve/CVE-2026-12725.html
* https://www.suse.com/security/cve/CVE-2026-2291.html
* https://www.suse.com/security/cve/CVE-2026-6507.html
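To confirm after patching that a host is at the fixed package level, the following added example (not part of the original advisory) compares installed dnsmasq packages against the version-release listed in this advisory for openSUSE Leap 16.0. The function names and the sample input are constructed for illustration, and it assumes GNU `sort -V` as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Added example: check dnsmasq packages against the fixed level in this advisory.
# Fixed version-release taken from the advisory's openSUSE Leap 16.0 package list.
FIXED_EVR="2.93-160000.1.1"

# evr_at_least INSTALLED FIXED -> exit status 0 if INSTALLED >= FIXED.
# Assumption: sort -V stands in for RPM's own comparison; the two agree
# for plain dotted numeric version-release strings like these.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# check_packages reads "name version-release" lines on stdin, prints one
# status line per dnsmasq package, and returns 1 if any package is below
# the fixed level or if no dnsmasq package appears in the input.
check_packages() {
    rc=0
    seen=0
    while read -r name evr; do
        case "$name" in
            dnsmasq|dnsmasq-utils) ;;
            *) continue ;;   # skips e.g. "package X is not installed"
        esac
        seen=1
        if evr_at_least "$evr" "$FIXED_EVR"; then
            echo "OK      $name $evr"
        else
            echo "UNFIXED $name $evr (need >= $FIXED_EVR)"
            rc=1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "no dnsmasq packages in input"; rc=1; }
    return "$rc"
}

# Constructed sample input (not real host data): one patched, one stale package.
printf 'dnsmasq 2.93-160000.1.1\ndnsmasq-utils 2.92-160000.1.1\n' \
    | check_packages || true

# On a live host, feed it the real package database instead:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' dnsmasq dnsmasq-utils | check_packages
```

A non-zero exit status from `check_packages` makes it usable as a gate in a patch-compliance job.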