Alerts This Week
Warning Icon 1 652
Alerts This Week
Warning Icon 1 652

SUSE Linux Micro Update dnsmasq Important DoS Buffer Overflow 2026-21733-1

suse
Calendar Grey May 22, 2026
Dist Suse Esm H88
A significant SUSE update fixing seven issues in dnsmasq, enhancing overall security and performance.
An update that solves seven vulnerabilities, contains one feature and has two fixes can now be installed.

Summary

## This update for dnsmasq fixes the following issues Security issues: * CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect (bsc#1258251). * CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001). * CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002). * CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003). * CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks (bsc#1265004). * CVE-2026-5172: buffer overflow in dnsmasq's extract_addresses() function (bsc#1265006). * CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE DoS important dnsmasq

References

* bsc#1247812

* bsc#1257934

* bsc#1258251

* bsc#1262487

* bsc#1265001

* bsc#1265002

* bsc#1265003

* bsc#1265004

* bsc#1265006

* jsc#PED-266

Cross-

* CVE-2026-2291

* CVE-2026-4890

* CVE-2026-4891

* CVE-2026-4892

* CVE-2026-4893

* CVE-2026-5172

* CVE-2026-6507

CVSS scores:

* CVE-2026-2291 ( SUSE ): 9.2

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-2291 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2026-4890 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-4890 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-4891 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:21733-1
Release Date: 2026-05-19T11:42:15Z
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE DoS important dnsmasq

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here