SUSE-SU-2026:21640-1

Source
https://www.suse.com/support/update/announcement/2026/suse-su-202621640-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:21640-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:21640-1
Upstream
  • CVE-2026-6507
Related
Published
2026-05-13T16:34:00Z
Modified
2026-05-16T18:24:36.091923450Z
Summary
Security update for dnsmasq
Details

This update for dnsmasq fixes the following issues:

Security issues:

  • CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect (bsc#1258251).
  • CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001).
  • CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002).
  • CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003).
  • CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks (bsc#1265004).
  • CVE-2026-5172: buffer overflow in dnsmasq's extract_addresses() function (bsc#1265006).
  • CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).

Non-security issues:

  • aardvark-dns upstream tests make dnsmasq dump core (bsc#1247812).
  • Drop rcFOO symlinks for CODE16 (jsc#PED-266).
  • libnettle: update to 4.0 breaks dnsmasq and gnutls (bsc#1257934).
  • unknown user or group: dnsmasq with latest proposed dnsmasq update when doing virsh net-start (bsc#1235517).
  • Update to security release 2.92rel2.
References

Affected packages