{"id":"MGASA-2026-0135","summary":"Updated dnsmasq packages fix security vulnerabilities","details":"CVE-2026-2291: dnsmasqs extract_name() function can be abused to cause a\nheap buffer overflow, allowing an attacker to inject false DNS cache\nentries, which could result in DNS lookups to redirect to an\nattacker-controlled IP address, or to cause a DoS.\n        CVE-2026-4890: A Denial of Service (DoS) vulnerability in the\nDNSSEC validation of dnsmasq allows remote attackers to cause a denial\nof service via a crafted DNS packet.\n        CVE-2026-4891: A heap-based out-of-bounds read vulnerability in\nthe DNSSEC validation of dnsmasq allows remote attackers to cause a\ndenial of service via a crafted DNS packet.\n        CVE-2026-4892: A heap-based out-of-bounds write vulnerability in\nthe DHCPv6 implementation of dnsmasq allows local attackers to execute\narbitrary code with root privileges via a crafted DHCPv6 packet.\n        CVE-2026-4893: An information disclosure vulnerability in\ndnsmasq allows remote attackers to bypass source checks via a crafted\nDNS packet with RFC 7871 client subnet information.\n        CVE-2026-5172: A buffer overflow in dnsmasq’s\nextract_addresses() function allows an attacker to trigger a heap\nout-of-bounds read and crash by exploiting a malformed DNS response,\nenabling extract_name() to advance the pointer past the record’s end.\n","modified":"2026-05-14T02:45:20.443426Z","published":"2026-05-14T02:43:25Z","upstream":["CVE-2026-2291","CVE-2026-4890","CVE-2026-4891","CVE-2026-4892","CVE-2026-4893","CVE-2026-5172"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0135.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35520"},{"type":"WEB","url":"https://thekelleys.org.uk/dnsmasq/CHANGELOG"}],"affected":[{"package":{"name":"dnsmasq","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/dnsmasq?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.92rel2-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0135.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}