UbuntuUpdates.org

Package "dnsmasq"

Name: dnsmasq

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Small caching DNS proxy and DHCP/TFTP server - executable
  • Utilities for manipulating DHCP leases
Latest version: 2.90-2ubuntu0.3
Release: noble (24.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "dnsmasq" in Noble

Repository Area Version
base main 2.90-2build2
base universe 2.90-2build2
security universe 2.90-2ubuntu0.3
updates main 2.90-2ubuntu0.3
updates universe 2.90-2ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.90-2ubuntu0.3 2026-05-12 09:07:35 UTC

  dnsmasq (2.90-2ubuntu0.3) noble-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow on malicious caches in DNS
    forwarding.
    - debian/patches/CVE-2026-2291.patch: Expand char name size in
      src/dnsmasq.h.
    - CVE-2026-2291
  * SECURITY UPDATE: NSEC bitmap parsing infinite loop
    - debian/patches/CVE-2026-4890.patch: Correct erroneous iteration index
      in src/dnssec.c
    - CVE-2026-4890
  * SECURITY UPDATE: Unbounded length field in RRSIG packets.
    - debian/patches/CVE-2026-4891.patch: Validate rdlen in src/dnssec.c
    - CVE-2026-4891
  * SECURITY UPDATE: Buffer overflow in create_helper
    - debian/patches/CVE-2026-4892.patch: Add upper bound to for loop in
      src/helper.c
    - CVE-2026-4892
  * SECURITY UPDATE: Erroneous client subnet validation
    - debian/patches/CVE-2026-4893.patch: Fixed length passed to check_source
      in src/forward.c
    - CVE-2026-4893
  * SECURITY UPDATE: Buffer overflow in extract_addresses.
    - debian/patches/CVE-2026-5172.patch: Check index after extracting name
      in src/rfc1035.c
    - CVE-2026-5172

 -- Kyle Kernick <email address hidden> Wed, 29 Apr 2026 12:39:03 -0600
CVE-2026-2291 dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could r
CVE-2026-4890 A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS pa
CVE-2026-4891 A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted
CVE-2026-4892 A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root pri
CVE-2026-4893 An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subn
CVE-2026-5172 A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malform


About   -   Send Feedback to @ubuntu_updates