Security News

Cybersecurity news aggregator

🔄
HIGH Updates Red Hat Errata

RHSA-2026:20589: Important: dnsmasq security update

cve-2026-2291red-hatcve-2026-4890cve-2026-4891cve-2026-4892
This Red Hat security advisory addresses five vulnerabilities in dnsmasq, including multiple heap buffer overflows, an infinite loop, and a validation bypass, which could lead to denial of service or arbitrary code execution. The CVSS scores for three referenced CVEs range from High (7.5) to Medium (5.3). The update fixes these issues; affected systems are running Red Hat Enterprise Linux 8, and the specific patched package version provided is dnsmasq-2.79-36.el8_10.
Read Full Article →

Red Hat Product Errata RHSA-2026:20589 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20589 - Security Advisory Overview Updated Packages Synopsis Important: dnsmasq security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for dnsmasq is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server. Security Fix(es): dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion (CVE-2026-2291) dnsmasq: NSEC bitmap parsing infinite loop (CVE-2026-4890) dnsmasq: RRSIG rdlen underflow leading to heap OOB read (CVE-2026-4891) dnsmasq: DHCPv6 CLID buffer overflow in helper process (CVE-2026-4892) dnsmasq: Broken ECS source validation bypass (CVE-2026-4893) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2439088 - CVE-2026-2291 dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion BZ - 2458516 - CVE-2026-4890 dnsmasq: NSEC bitmap parsing infinite loop BZ - 2458517 - CVE-2026-4891 dnsmasq: RRSIG rdlen underflow leading to heap OOB read BZ - 2458518 - CVE-2026-4892 dnsmasq: DHCPv6 CLID buffer overflow in helper process BZ - 2458519 - CVE-2026-4893 dnsmasq: Broken ECS source validation bypass CVEs CVE-2026-2291 CVE-2026-4890 CVE-2026-4891 CVE-2026-4892 CVE-2026-4893 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM dnsmasq-2.79-36.el8_10.src.rpm SHA-256: edd356da4ee2a146d1db1bed4910bb8c578b75ee36d7d69d345a8ea9087b362d x86_64 dnsmasq-2.79-36.el8_10.x86_64.rpm SHA-256: cee9e740279c99edbfb20a4f0dd13a1d270703835b331a58c8106026d92ee38e dnsmasq-debuginfo-2.79-36.el8_10.x86_64.rpm SHA-256: 00ac9f61d09c9cc2160ec94ef2f04a484e976e28e791820345a5af0fd7c6088e dnsmasq-debugsource-2.79-36.el8_10.x86_64.rpm SHA-256: 2cc568436eedf871dda27eadfe9a9bead517cc2bf9a6c82655ef9c6f63bef9db dnsmasq-utils-2.79-36.el8_10.x86_64.rpm SHA-256: 6d7a0ab75654007788a6ccd5494852d6d1416cd77234745d91206e4e231c09ed dnsmasq-utils-debuginfo-2.79-36.el8_10.x86_64.rpm SHA-256: aa9c6ffa3cfd4168f48a9c3298937cda65a8eac0c6850ac82fd6e8d1c83d340e Red Hat Enterprise Linux for IBM z Systems 8 SRPM dnsmasq-2.79-36.el8_10.src.rpm SHA-256: edd356da4ee2a146d1db1bed4910bb8c578b75ee36d7d69d345a8ea9087b362d s390x dnsmasq-2.79-36.el8_10.s390x.rpm SHA-256: 4d2fdc344bc4330355a6a98ff3a1d36b148d5d305d6c9d0ee25620c2501118aa dnsmasq-debuginfo-2.79-36.el8_10.s390x.rpm SHA-256: bd317dad226e660f6c88fdcf26171d8379a9a5ccdad97b6d1e333c7ee15fe746 dnsmasq-debugsource-2.79-36.el8_10.s390x.rpm SHA-256: 6d6f72190c2d25ceb1573e24a52d1c18d023def82d6e9fbe66ff1880744f9c32 dnsmasq-utils-2.79-36.el8_10.s390x.rpm SHA-256: 3f52b4c56dc8ecfda481e5571dfe2ea6ff190d5251c3a56f108d2e65733914ee dnsmasq-utils-debuginfo-2.79-36.el8_10.s390x.rpm SHA-256: 0be60964f2c4ff89d0e6b4865cb99f5aec7083a6ba879c44c1ec5c9e2cfe31da Red Hat Enterprise Linux for Power, little endian 8 SRPM dnsmasq-2.79-36.el8_10.src.rpm SHA-256: edd356da4ee2a146d1db1bed4910bb8c578b75ee36d7d69d345a8ea9087b362d ppc64le dnsmasq-2.79-36.el8_10.ppc64le.rpm SHA-256: bc840150083347931d29c43e734be1e737b7d8943dc399885cf79c43ee05c370 dnsmasq-debuginfo-2.79-36.el8_10.ppc64le.rpm SHA-256: 0aed6f4917ac55a83ccf26d1aca99bac97e8f17237f3c4521b403e0731a23d9e dnsmasq-debugsource-2.79-36.el8_10.ppc64le.rpm SHA-256: cdf670e93b48ea13df21033dbe3cc1b9cad8d0a96589dbcfa14b07d73c0477c7 dnsmasq-utils-2.79-36.el8_10.ppc64le.rpm SHA-256: ec4ba4f384d3509138c247a8982078fdce3243240fe783083d229c92eaff83f1 dnsmasq-utils-debuginfo-2.79-36.el8_10.ppc64le.rpm SHA-256: 979c0ef46f2789a12e88bea9f0e3dbcc87ec4080f214e914b01b8613c5247037 Red Hat Enterprise Linux for ARM 64 8 SRPM dnsmasq-2.79-36.el8_10.src.rpm SHA-256: edd356da4ee2a146d1db1bed4910bb8c578b75ee36d7d69d345a8ea9087b362d aarch64 dnsmasq-2.79-36.el8_10.aarch64.rpm SHA-256: 38010943531b4eeea6ecb683ccf13f57033e972dd5f7002866e0a6e613c89295 dnsmasq-debuginfo-2.79-36.el8_10.aarch64.rpm SHA-256: 38a32f3978684566c1d10e79b72cf19f5dd8415e41fd0f652a4090f952b4e1b8 dnsmasq-debugsource-2.79-36.el8_10.aarch64.rpm SHA-256: 40624b618a0b9e87bfde9bb2b416a7672cdcc7cc86f1c984ab6a4fe8ea2fae2b dnsmasq-utils-2.79-36.el8_10.aarch64.rpm SHA-256: 9094244a24a2d1e78512151c9658927a115bb9c72757c5d12cb502dbff5ab413 dnsmasq-utils-debuginfo-2.79-36.el8_10.aarch64.rpm SHA-256: d5411e8cbfe354c2179d4448442976ecc244e3354363bb2c7022ac842eae7d71 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 SRPM dnsmasq-2.79-36.el8_10.src.rpm SHA-256: edd356da4ee2a146d1db1bed4910bb8c578b75ee36d7d69d345a8ea9087b362d x86_64 dnsmasq-2.79-36.el8_10.x86_64.rpm SHA-256: cee9e740279c99edbfb20a4f0dd13a1d270703835b331a58c8106026d92ee38e dnsmasq-debuginfo-2.79-36.el8_10.x86_64.rpm SHA-256: 00ac9f61d09c9cc2160ec94ef2f04a484e976e28e791820345a5af0fd7c6088e dnsmasq-debugsource-2.79-36.el8_10.x86_64.rpm SHA-256: 2cc568436eedf871dda27eadfe9a9bead517cc2bf9a6c82655ef9c6f63bef9db dnsmasq-utils-2.79-36.el8_10.x86_64.rpm SHA-256: 6d7a0ab75654007788a6ccd5494852d6d1416cd77234745d91206e4e231c09ed dnsmasq-utils-debuginfo-2.79-36.el8_10.x86_64.rpm SHA-256: aa9c6ffa3cfd4168f48a9c3298937cda65a8eac0c6850ac82fd6e8d1c83d340e Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 SRPM dnsmasq-2.79-36.el8_10.src.rpm SHA-256: edd356da4ee2a146d1db1bed4910bb8c578b75ee36d7d69d345a8ea9087b362d aarch64 dnsmasq-2.79-36.el8_10.aarch64.rpm SHA-256: 38010943531b4eeea6ecb683ccf13f57033e972dd5f7002866e0a6e613c89295 dnsmasq-debuginfo-2.79-36.el8_10.aarch64.rpm SHA-256: 38a32f3978684566c1d10e79b72cf19f5dd8415e41fd0f652a4090f952b4e1b8 dnsmasq-debugsource-2.79-36.el8_10.aarch64.rpm SHA-256: 40624b618a0b9e87bfde9bb2b416a7672cdcc7cc86f1c984ab6a4fe8ea2fae2b dnsmasq-utils-2.79-36.el8_10.aarch64.rpm SHA-256: 9094244a24a2d1e78512151c9658927a115bb9c72757c5d12cb502dbff5ab413 dnsmasq-utils-debuginfo-2.79-36.el8_10.aarch64.rpm SHA-256: d5411e8cbfe354c2179d4448442976ecc244e3354363bb2c7022ac842eae7d71 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 SRPM dnsmasq-2.79-36.el8_10.src.rpm SHA-256: edd356da4ee2a146d1db1bed4910bb8c578b75ee36d7d69d345a8ea9087b362d ppc64le dnsmasq-2.79-36.el8_10.ppc64le.rpm SHA-256: bc840150083347931d29c43e734be1e737b7d8943dc399885cf79c43ee05c370 dnsmasq-debuginfo-2.79-36.el8_10.ppc64le.rpm SHA-256: 0aed6f4917ac55a83ccf26d1aca99bac97e8f17237f3c4521b403e0731a23d9e dnsmasq-debugsource-2.79-36.el8_10.ppc64le.rpm SHA-256: cdf670e93b48ea13df21033dbe3cc1b9cad8d0a96589dbcfa14b07d73c0477c7 dnsmasq-utils-2.79-36.el8_10.ppc64le.rpm SHA-256: ec4ba4f384d3509138c247a8982078fdce3243240fe783083d229c92eaff83f1 dnsmasq-utils-debuginfo-2.79-36.el8_10.ppc64le.rpm SHA-256: 979c0ef46f2789a12e88bea9f0e3dbcc87ec4080f214e914b01b8613c5247037 Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 SRPM dnsmasq-2.79-36.el8_10.src.rpm SHA-256: edd356da4ee2a146d1db1bed4910bb8c578b75ee36d7d69d345a8ea9087b362d s390x dnsmasq-2.79-36.el8_10.s390x.rpm SHA-256: 4d2fdc344bc4330355a6a98ff3a1d36b148d5d305d6c9d0ee25620c2501118aa dnsmasq-debuginfo-2.79-36.el8_10.s390x.rpm SHA-256: bd317dad226e660f6c88fdcf26171d8379a9a5ccdad97b6d1e333c7ee15fe746 dnsmasq-debugsource-2.79-36.el8_10.s390x.rpm SHA-256: 6d6f72190c2d25ceb1573e24a52d1c18d023def82d6e9fbe66ff1880744f9c32 dnsmasq-utils-2.79-36.el8_10.s390x.rpm SHA-256: 3f52b4c56dc8ecfda481e5571dfe2ea6ff190d5251c3a56f108d2e65733914ee dnsmasq-utils-debuginfo-2.79-36.el8_10.s390x.rpm SHA-256: 0be60964f2c4ff89d0e6b4865cb99f5aec7083a6ba879c44c1ec5c9e2cfe31da The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .

Related Articles

HIGH RHSA-2026:19373: Important: dnsmasq security update Red Hat Errata MEDIUM DSA-6264-1 dnsmasq - security update Debian Security HIGH VU#471747: dnsmasq contains several vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation CERT/CC HIGH USN-8268-1: Dnsmasq vulnerabilities Ubuntu Security
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn