Explore top 10 tips to secure your open-source projects now. Read More
×
This update for dnsmasq fixes the following issues
* CVE-2026-12725: heap buffer overflow in `log_query()` when logging
unsupported DS/DNSKEY replies (bsc#1268764).
* CVE-2026-12969: out-of-bounds read in `find_soa()` due to missing extrabytes
validation (bsc#1268882).
Changes for dnsmasq:
* Update to 2.93:
* Fix a corner-case in DNSSEC validation with wildcards.
* Fix DNSSEC failure with spurious RRSIGs.
* Fix DNSSEC fail with CNAME replies to DS queries.
* Fix regression in 2.92 release which broke DHCPv6 when a DHCP relay is in
use.
* Modify the inotify implementation so that inotify watches are only created
after dnsmasq has changed permissions and userid.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3028=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-3028=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-3028=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-3028=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-3028=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3028=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-3028=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-3028=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch...
Read the Full Advisory* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* dnsmasq-debuginfo-2.93-150400.16.17.1
* dnsmasq-2.93-150400.16.17.1
* SUSE Linux...
Read the Full Advisory* bsc#1268764
* bsc#1268882
## References:
* https://www.suse.com/security/cve/CVE-2026-12725.html
* https://www.suse.com/security/cve/CVE-2026-12969.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268764
* https://bugzilla.suse.com/show_bug.cgi?id=1268882
Get the latest Linux and open source security news straight to your inbox.