dnsmasq-2.85-18.el9_8.1
エラータID: AXSA:2026-1206:06
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
* dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion (CVE-2026-2291)
* dnsmasq: NSEC bitmap parsing infinite loop (CVE-2026-4890)
* dnsmasq: RRSIG rdlen underflow leading to heap OOB read (CVE-2026-4891)
* dnsmasq: DHCPv6 CLID buffer overflow in helper process (CVE-2026-4892)
* dnsmasq: Broken ECS source validation bypass (CVE-2026-4893)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-2291
dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.
CVE-2026-4890
A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
CVE-2026-4891
A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
CVE-2026-4892
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
CVE-2026-4893
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.
Update packages.
dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.
A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.
N/A
SRPMS
- dnsmasq-2.85-18.el9_8.1.src.rpm
MD5: d617ca7343836c4b03bbdc112668b2f5
SHA-256: fa875dc943b51b605a35be44763c27716496861d777a4f0ee7379a8b7f4e1b35
Size: 586.91 kB
Asianux Server 9 for x86_64
- dnsmasq-2.85-18.el9_8.1.x86_64.rpm
MD5: 499b9514325c5e1799c1e3b3e80ed6d1
SHA-256: 4db25e5c776db4e3d5e041a94e7ec6daccae7af8a0524311435b5c64c21e0a36
Size: 329.72 kB - dnsmasq-utils-2.85-18.el9_8.1.x86_64.rpm
MD5: a1e5bdeea00b02b3581392982cc6acd3
SHA-256: b4780032388ece9615126471f970019b07de7d73a6a147f75d1df83bc375e939
Size: 37.73 kB