Package "dnsmasq-utils"
Links
Download "dnsmasq-utils"
Other versions of "dnsmasq-utils" in Jammy
Changelog
|
dnsmasq (2.90-0ubuntu0.22.04.4) jammy-security; urgency=medium
* SECURITY UPDATE: Buffer overflow in log_query.
- debian/patches/CVE-2026-12725.patch: Account for the "not supported"
string in logs, and add checks to catch overflow in src/cache.c and
src/dnssec.c
- CVE-2026-12725
* SECURITY UPDATE: Buffer OOB read in find_soa.
- debian/patches/CVE-2026-12969.patch: change the extrabytes argument
from 0 to 10 in src/rfc1035.c
- CVE-2026-12969
-- Kyle Kernick <email address hidden> Mon, 13 Jul 2026 16:13:19 -0600
|
| Source diff to previous version |
| CVE-2026-12725 |
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies contain |
| CVE-2026-12969 |
An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is call |
|
|
dnsmasq (2.90-0ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow on malicious caches in DNS
forwarding.
- debian/patches/CVE-2026-2291.patch: Expand char name size in
src/dnsmasq.h.
- CVE-2026-2291
* SECURITY UPDATE: NSEC bitmap parsing infinite loop
- debian/patches/CVE-2026-4890.patch: Correct erroneous iteration index
in src/dnssec.c
- CVE-2026-4890
* SECURITY UPDATE: Unbounded length field in RRSIG packets.
- debian/patches/CVE-2026-4891.patch: Validate rdlen in src/dnssec.c
- CVE-2026-4891
* SECURITY UPDATE: Buffer overflow in create_helper
- debian/patches/CVE-2026-4892.patch: Add upper bound to for loop in
src/helper.c
- CVE-2026-4892
* SECURITY UPDATE: Erroneous client subnet validation
- debian/patches/CVE-2026-4893.patch: Fixed length passed to check_source
in src/forward.c
- CVE-2026-4893
* SECURITY UPDATE: Buffer overflow in extract_addresses.
- debian/patches/CVE-2026-5172.patch: Check index after extracting name
in src/rfc1035.c
- CVE-2026-5172
* This update does not include the changes from 2.90-0ubuntu0.22.04.2.
-- Kyle Kernick <email address hidden> Wed, 29 Apr 2026 13:56:04 -0600
|
| Source diff to previous version |
| CVE-2026-2291 |
dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could r |
| CVE-2026-4890 |
A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS pa |
| CVE-2026-4891 |
A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted |
| CVE-2026-4892 |
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root pri |
| CVE-2026-4893 |
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subn |
| CVE-2026-5172 |
A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malform |
|
|
dnsmasq (2.90-0ubuntu0.22.04.1) jammy-security; urgency=medium
* Updated to 2.90 to fix multiple security issues.
- debian/rules: specify lua version with LUA.
- CVE-2023-50387, CVE-2023-50868
* Convert package to source format 3.0 to ease maintenance going forward.
-- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 14:23:43 -0500
|
| Source diff to previous version |
| CVE-2023-50387 |
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU |
| CVE-2023-50868 |
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of se |
|
|
dnsmasq (2.86-1.1ubuntu0.5) jammy; urgency=medium
* src/dnsmasq.c: Fix a crash that can happen when an empty resolv.conf is
reloaded (LP: #2045570)
* src/helper.c: Fix wrong client address for dhcp-script when DHCPv4 relay
in use (LP: #2042587)
-- Andreas Hasenack <email address hidden> Thu, 11 Jan 2024 09:21:27 -0300
|
| Source diff to previous version |
| 2045570 |
dnsmasq crash when no servers in resolv.conf |
| 2042587 |
jammy's version breaks existing dhcp scripts with relay |
|
|
dnsmasq (2.86-1.1ubuntu0.4) jammy; urgency=medium
* src/dnsmasq.h, src/domain-match.c: Fix confusion when using resolvconf
servers (combining server|address for a domain), resulting in the struct
server datastructure for server=/domain/# getting passed to
forward_query(), rapidly followed by a SEGV. This fix makes
server=/domain/# a fully fledged member of the priority list.
The code added here is a cherry pick released in upstream version
2.87, originating at
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=de372d69
(LP: #2015562)
-- Miriam España Acebal <email address hidden> Thu, 20 Apr 2023 11:00:27 +0200
|
| 2015562 |
[SRU] Segfault in dnsmasq when using certain static domain entries + DoH (bugfix possibly exists upstream) |
|
About
-
Send Feedback to @ubuntu_updates