ALSA-2026:20589

[ALSA-2026:20589] Important: dnsmasq security update

Type:

security

Severity:

important

Release date:

2026-05-26

Description:

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.  

Security Fix(es):  

  * dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion (CVE-2026-2291)
  * dnsmasq: NSEC bitmap parsing infinite loop (CVE-2026-4890)
  * dnsmasq: RRSIG rdlen underflow leading to heap OOB read (CVE-2026-4891)
  * dnsmasq: DHCPv6 CLID buffer overflow in helper process (CVE-2026-4892)
  * dnsmasq: Broken ECS source validation bypass (CVE-2026-4893)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	dnsmasq-2.79-36.el8_10.aarch64.rpm	06c5e22c7ed3fe993daee44f74cac736c56a88df25cdb54f04a1bdeefa8f9929
aarch64	dnsmasq-utils-2.79-36.el8_10.aarch64.rpm	78adb7f193fdbc75111322721e1d3477b830995722a45e59041cf7e4483092eb
ppc64le	dnsmasq-2.79-36.el8_10.ppc64le.rpm	396a4f3ef59b43d9f4a2c6626a2a468e5432f91a22217e1c9d87a504c116470b
ppc64le	dnsmasq-utils-2.79-36.el8_10.ppc64le.rpm	469584c79deedd61d0487fe0295d0805fc29d4463d622850e33ae5725fe1214a
s390x	dnsmasq-utils-2.79-36.el8_10.s390x.rpm	38f3371bb3f4acab605f2bdf9aadaaeb31578a36692af3df21e64e833ec96c2a
s390x	dnsmasq-2.79-36.el8_10.s390x.rpm	4793aef1a9ac593a4e6116fa1c2287117030d110079c920b345b5aa712bc76f5
x86_64	dnsmasq-utils-2.79-36.el8_10.x86_64.rpm	2eb0af61b5a150e173daeacd13165cf227b4c8210310bf22b30fe08aa740db10
x86_64	dnsmasq-2.79-36.el8_10.x86_64.rpm	be8821323a0b23f30c9543d5c58dfd85712f93f35225ba27705a8433fc7ccf46

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.