UbuntuUpdates.org

Package "dnsmasq-utils"

Name: dnsmasq-utils

Description:

Utilities for manipulating DHCP leases

Latest version: 2.90-0ubuntu0.22.04.4
Release: jammy (22.04)
Level: updates
Repository: main
Head package: dnsmasq
Homepage: http://www.thekelleys.org.uk/dnsmasq/doc.html

Links


Download "dnsmasq-utils"


Other versions of "dnsmasq-utils" in Jammy

Repository Area Version
base main 2.86-1.1
security main 2.90-0ubuntu0.22.04.4

Changelog

Version: 2.90-0ubuntu0.22.04.4 2026-07-14 20:09:11 UTC

  dnsmasq (2.90-0ubuntu0.22.04.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in log_query.
    - debian/patches/CVE-2026-12725.patch: Account for the "not supported"
      string in logs, and add checks to catch overflow in src/cache.c and
      src/dnssec.c
    - CVE-2026-12725
  * SECURITY UPDATE: Buffer OOB read in find_soa.
    - debian/patches/CVE-2026-12969.patch: change the extrabytes argument
      from 0 to 10 in src/rfc1035.c
    - CVE-2026-12969

 -- Kyle Kernick <email address hidden> Mon, 13 Jul 2026 16:13:19 -0600

Source diff to previous version
CVE-2026-12725 A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies contain
CVE-2026-12969 An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is call

Version: 2.90-0ubuntu0.22.04.3 2026-05-12 10:08:01 UTC

  dnsmasq (2.90-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow on malicious caches in DNS
    forwarding.
    - debian/patches/CVE-2026-2291.patch: Expand char name size in
      src/dnsmasq.h.
    - CVE-2026-2291
  * SECURITY UPDATE: NSEC bitmap parsing infinite loop
    - debian/patches/CVE-2026-4890.patch: Correct erroneous iteration index
      in src/dnssec.c
    - CVE-2026-4890
  * SECURITY UPDATE: Unbounded length field in RRSIG packets.
    - debian/patches/CVE-2026-4891.patch: Validate rdlen in src/dnssec.c
    - CVE-2026-4891
  * SECURITY UPDATE: Buffer overflow in create_helper
    - debian/patches/CVE-2026-4892.patch: Add upper bound to for loop in
      src/helper.c
    - CVE-2026-4892
  * SECURITY UPDATE: Erroneous client subnet validation
    - debian/patches/CVE-2026-4893.patch: Fixed length passed to check_source
      in src/forward.c
    - CVE-2026-4893
  * SECURITY UPDATE: Buffer overflow in extract_addresses.
    - debian/patches/CVE-2026-5172.patch: Check index after extracting name
      in src/rfc1035.c
    - CVE-2026-5172
  * This update does not include the changes from 2.90-0ubuntu0.22.04.2.

 -- Kyle Kernick <email address hidden> Wed, 29 Apr 2026 13:56:04 -0600

Source diff to previous version
CVE-2026-2291 dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could r
CVE-2026-4890 A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS pa
CVE-2026-4891 A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted
CVE-2026-4892 A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root pri
CVE-2026-4893 An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subn
CVE-2026-5172 A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malform

Version: 2.90-0ubuntu0.22.04.1 2024-02-26 16:06:59 UTC

  dnsmasq (2.90-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * Updated to 2.90 to fix multiple security issues.
    - debian/rules: specify lua version with LUA.
    - CVE-2023-50387, CVE-2023-50868
  * Convert package to source format 3.0 to ease maintenance going forward.

 -- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 14:23:43 -0500

Source diff to previous version
CVE-2023-50387 Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU
CVE-2023-50868 The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of se

Version: 2.86-1.1ubuntu0.5 2024-01-31 21:10:49 UTC

  dnsmasq (2.86-1.1ubuntu0.5) jammy; urgency=medium

  * src/dnsmasq.c: Fix a crash that can happen when an empty resolv.conf is
    reloaded (LP: #2045570)
  * src/helper.c: Fix wrong client address for dhcp-script when DHCPv4 relay
    in use (LP: #2042587)

 -- Andreas Hasenack <email address hidden> Thu, 11 Jan 2024 09:21:27 -0300

Source diff to previous version
2045570 dnsmasq crash when no servers in resolv.conf
2042587 jammy's version breaks existing dhcp scripts with relay

Version: 2.86-1.1ubuntu0.4 2024-01-09 22:06:58 UTC

  dnsmasq (2.86-1.1ubuntu0.4) jammy; urgency=medium

  * src/dnsmasq.h, src/domain-match.c: Fix confusion when using resolvconf
    servers (combining server|address for a domain), resulting in the struct
    server datastructure for server=/domain/# getting passed to
    forward_query(), rapidly followed by a SEGV. This fix makes
    server=/domain/# a fully fledged member of the priority list.
    The code added here is a cherry pick released in upstream version
    2.87, originating at
    https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d69
    (LP: #2015562)

 -- Miriam España Acebal <email address hidden> Thu, 20 Apr 2023 11:00:27 +0200

2015562 [SRU] Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream)



About   -   Send Feedback to @ubuntu_updates