Alerts This Week
Warning Icon 1 625
Alerts This Week
Warning Icon 1 625

SUSE Dnsmasq Important DoS and Info Disclosure Issues Fixed 2026-2458-1

suse
Calendar Grey June 18, 2026
Dist Suse Esm H88
Important security update addresses multiple vulnerabilities in dnsmasq, ensuring SUSE systems remain secure and stable.
An update that solves seven vulnerabilities can now be installed.

Summary

## This update for dnsmasq fixes the following issues * CVE-2026-2291: VU#471747: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect (bsc#1258251). * CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001). * CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002). * CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003). * CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks (bsc#1265004). * CVE-2026-5172: buffer overflow in dnsmasq's extract_addresses() function (bsc#1265006). * CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).

Topics%20covered

Topics Covered

security advisory denial of service SuSE important dnsmasq CVE mitigation

References

* bsc#1258251

* bsc#1262487

* bsc#1265001

* bsc#1265002

* bsc#1265003

* bsc#1265004

* bsc#1265006

Cross-

* CVE-2026-2291

* CVE-2026-4890

* CVE-2026-4891

* CVE-2026-4892

* CVE-2026-4893

* CVE-2026-5172

* CVE-2026-6507

CVSS scores:

* CVE-2026-2291 ( SUSE ): 9.2

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-2291 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2026-4890 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-4890 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-4891 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2026-4891 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2458-1
Release Date: 2026-06-18T15:54:29Z
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service SuSE important dnsmasq CVE mitigation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here