Red Hat Product Errata
RHSA-2026:19373 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis
Important: dnsmasq security update

Type/Severity
Security Advisory: Important

Topic
An update for dnsmasq is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):
* dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion (CVE-2026-2291)
* dnsmasq: NSEC bitmap parsing infinite loop (CVE-2026-4890)
* dnsmasq: RRSIG rdlen underflow leading to heap OOB read (CVE-2026-4891)
* dnsmasq: DHCPv6 CLID buffer overflow in helper process (CVE-2026-4892)
* dnsmasq: Broken ECS source validation bypass (CVE-2026-4893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
* Red Hat Enterprise Linux for x86_64 9 x86_64
* Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
* Red Hat Enterprise Linux for IBM z Systems 9 s390x
* Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
* Red Hat Enterprise Linux for Power, little endian 9 ppc64le
* Red Hat Enterprise Linux for ARM 64 9 aarch64
* Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
* Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
* Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
* Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
* Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
* Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

Fixes
* BZ - 2439088 - CVE-2026-2291 dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion
* BZ - 2458516 - CVE-2026-4890 dnsmasq: NSEC bitmap parsing infinite loop
* BZ - 2458517 - CVE-2026-4891 dnsmasq: RRSIG rdlen underflow leading to heap OOB read
* BZ - 2458518 - CVE-2026-4892 dnsmasq: DHCPv6 CLID buffer overflow in helper process
* BZ - 2458519 - CVE-2026-4893 dnsmasq: Broken ECS source validation bypass

CVEs
* CVE-2026-2291
* CVE-2026-4890
* CVE-2026-4891
* CVE-2026-4892
* CVE-2026-4893

References
* https://access.redhat.com/security/updates/classification/#important

Updated Packages
SRPM: dnsmasq-2.85-18.el9_8.1.src.rpm
Binary packages (x86_64, s390x, ppc64le, aarch64), each at version 2.85-18.el9_8.1: dnsmasq, dnsmasq-debuginfo, dnsmasq-debugsource, dnsmasq-utils, dnsmasq-utils-debuginfo

This Red Hat security advisory addresses five vulnerabilities in dnsmasq, including multiple heap buffer overflows (CVE-2026-2291, CVE-2026-4892), an infinite loop (CVE-2026-4890), a heap out-of-bounds read (CVE-2026-4891), and a validation bypass (CVE-2026-4893), which could lead to denial of service or remote code execution. The CVSS scores for the specified CVEs range from 5.3 (MEDIUM) to 7.5 (HIGH). The update is rated Important and applies to dnsmasq packages on all listed Red Hat Enterprise Linux 9 architectures.