Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-4892 (GCVE-0-2026-4892)
Vulnerability from cvelistv5 – Published: 2026-05-11 16:47 – Updated: 2026-07-02 12:05- CWE-122 - Heap-based Buffer Overflow
| URL | Tags |
|---|---|
| https://lists.thekelleys.org.uk/pipermail/dnsmasq… | |
| https://www.kb.cert.org/vuls/id/471747 | |
| https://thekelleys.org.uk/dnsmasq/CVE/ | |
| https://github.com/NixOS/nixpkgs/pull/519082 | |
| https://github.com/NixOS/nixpkgs/pull/519093 | |
| https://github.com/pi-hole/FTL/releases/tag/v6.6.2 | |
| https://access.redhat.com/security/cve/CVE-2026-4892 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2458518 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:19158 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:20589 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:34508 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:19373 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| dnsmasq | dnsmasq |
Affected:
0 , < 2.92rel2
(custom)
|
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T18:26:34.490142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T18:26:37.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow was discovered in dnsmasq\u0027s DHCP script helper process. When processing DHCPv6 client identifiers (CLIDs), the helper hex-encodes the raw CLID bytes into a fixed-size buffer without length validation. Since DHCPv6 CLIDs can be up to 65,535 bytes, a crafted DHCPv6 packet can overflow the buffer with attacker-controlled content. The helper process runs with root privileges."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:05:02.250Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-4892"
},
{
"name": "RHBZ#2458518",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458518"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4892.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19158"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20589"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34508"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19373"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:19158: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:20589: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:34508: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19373: Red Hat Enterprise Linux AppStream (v. 9)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-14T22:44:58.432Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-09T00:00:00.000Z",
"value": "Made public."
}
],
"title": "dnsmasq: DHCPv6 CLID buffer overflow in helper process",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "dnsmasq",
"vendor": "dnsmasq",
"versions": [
{
"lessThan": "2.92rel2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T14:09:29.062Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/471747"
},
{
"url": "https://thekelleys.org.uk/dnsmasq/CVE/"
},
{
"url": "https://github.com/NixOS/nixpkgs/pull/519082"
},
{
"url": "https://github.com/NixOS/nixpkgs/pull/519093"
},
{
"url": "https://github.com/pi-hole/FTL/releases/tag/v6.6.2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2026-4892",
"x_generator": {
"engine": "VINCE 3.0.41",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4892"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2026-4892",
"datePublished": "2026-05-11T16:47:58.846Z",
"dateReserved": "2026-03-26T13:09:48.958Z",
"dateUpdated": "2026-07-02T12:05:02.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-4892",
"date": "2026-07-02",
"epss": "0.00782",
"percentile": "0.51472"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-4892\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2026-05-11T18:16:41.483\",\"lastModified\":\"2026-07-02T12:17:31.603\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.\"}],\"affected\":[{\"source\":\"cret@cert.org\",\"affectedData\":[{\"vendor\":\"dnsmasq\",\"product\":\"dnsmasq\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"2.92rel2\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":5.9},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-11T18:26:34.490142Z\",\"id\":\"CVE-2026-4892\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"references\":[{\"url\":\"https://github.com/NixOS/nixpkgs/pull/519082\",\"source\":\"cret@cert.org\"},{\"url\":\"https://github.com/NixOS/nixpkgs/pull/519093\",\"source\":\"cret@cert.org\"},{\"url\":\"https://github.com/pi-hole/FTL/releases/tag/v6.6.2\",\"source\":\"cret@cert.org\"},{\"url\":\"https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html\",\"source\":\"cret@cert.org\"},{\"url\":\"https://thekelleys.org.uk/dnsmasq/CVE/\",\"source\":\"cret@cert.org\"},{\"url\":\"https://www.kb.cert.org/vuls/id/471747\",\"source\":\"cret@cert.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19158\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19373\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20589\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34508\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-4892\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2458518\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4892.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"dnsmasq: DHCPv6 CLID buffer overflow in helper process\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-14T22:44:58.432Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-09T00:00:00.000Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:19158: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20589: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34508: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19373: Red Hat Enterprise Linux AppStream (v. 9)\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-05-09T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-4892\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2458518\", \"name\": \"RHBZ#2458518\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4892.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19158\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20589\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34508\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19373\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A heap buffer overflow was discovered in dnsmasq\u0027s DHCP script helper process. When processing DHCPv6 client identifiers (CLIDs), the helper hex-encodes the raw CLID bytes into a fixed-size buffer without length validation. Since DHCPv6 CLIDs can be up to 65,535 bytes, a crafted DHCPv6 packet can overflow the buffer with attacker-controlled content. The helper process runs with root privileges.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-02T12:05:02.250Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-4892\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-11T18:26:34.490142Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-11T18:25:52.978Z\"}}], \"cna\": {\"title\": \"CVE-2026-4892\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"dnsmasq\", \"product\": \"dnsmasq\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.92rel2\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html\"}, {\"url\": \"https://www.kb.cert.org/vuls/id/471747\"}, {\"url\": \"https://thekelleys.org.uk/dnsmasq/CVE/\"}, {\"url\": \"https://github.com/NixOS/nixpkgs/pull/519082\"}, {\"url\": \"https://github.com/NixOS/nixpkgs/pull/519093\"}, {\"url\": \"https://github.com/pi-hole/FTL/releases/tag/v6.6.2\"}], \"x_generator\": {\"env\": \"prod\", \"engine\": \"VINCE 3.0.41\", \"origin\": \"https://cveawg.mitre.org/api/cve/CVE-2026-4892\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-122: Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"37e5125f-f79b-445b-8fad-9564f167944b\", \"shortName\": \"certcc\", \"dateUpdated\": \"2026-05-20T14:09:29.062Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-4892\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-02T12:05:02.250Z\", \"dateReserved\": \"2026-03-26T13:09:48.958Z\", \"assignerOrgId\": \"37e5125f-f79b-445b-8fad-9564f167944b\", \"datePublished\": \"2026-05-11T16:47:58.846Z\", \"assignerShortName\": \"certcc\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:34508
Vulnerability from csaf_redhat - Published: 2026-07-01 21:21 - Updated: 2026-07-02 13:41A heap buffer overflow was discovered in dnsmasq's DNS cache. When processing DNS responses, dnsmasq expands certain characters into longer escape sequences, but the cache buffer is not sized to hold the expanded result. A specially crafted DNS response can overflow this buffer, potentially crashing the dnsmasq process or poisoning DNS cache records.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap can cause an infinite loop, making dnsmasq unresponsive to all queries.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
A heap out-of-bounds read vulnerability was discovered in dnsmasq's DNSSEC validation. When processing RRSIG records, dnsmasq calculates the signature length by subtracting the fixed field size from the record's declared data length. A crafted RRSIG record with a data length smaller than the fixed fields causes this calculation to underflow, potentially resulting in an out-of-bounds read and process crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
A heap buffer overflow was discovered in dnsmasq's DHCP script helper process. When processing DHCPv6 client identifiers (CLIDs), the helper hex-encodes the raw CLID bytes into a fixed-size buffer without length validation. Since DHCPv6 CLIDs can be up to 65,535 bytes, a crafted DHCPv6 packet can overflow the buffer with attacker-controlled content. The helper process runs with root privileges.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
A validation bypass was discovered in dnsmasq's RFC 7871 client subnet (ECS) handling. When verifying ECS source information in DNS responses, dnsmasq passes the OPT record length instead of the full packet length to the validation function.This causes all internal bounds checks to fail, completely bypassing ECS source validation and allowing an attacker to spoof client subnet information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for dnsmasq is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion (CVE-2026-2291)\n\n* dnsmasq: NSEC bitmap parsing infinite loop (CVE-2026-4890)\n\n* dnsmasq: RRSIG rdlen underflow leading to heap OOB read (CVE-2026-4891)\n\n* dnsmasq: DHCPv6 CLID buffer overflow in helper process (CVE-2026-4892)\n\n* dnsmasq: Broken ECS source validation bypass (CVE-2026-4893)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:34508",
"url": "https://access.redhat.com/errata/RHSA-2026:34508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2439088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439088"
},
{
"category": "external",
"summary": "2458516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458516"
},
{
"category": "external",
"summary": "2458517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458517"
},
{
"category": "external",
"summary": "2458518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458518"
},
{
"category": "external",
"summary": "2458519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458519"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34508.json"
}
],
"title": "Red Hat Security Advisory: dnsmasq security update",
"tracking": {
"current_release_date": "2026-07-02T13:41:03+00:00",
"generator": {
"date": "2026-07-02T13:41:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:34508",
"initial_release_date": "2026-07-01T21:21:55+00:00",
"revision_history": [
{
"date": "2026-07-01T21:21:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-01T21:21:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-02T13:41:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-17.el9_6.1.src",
"product": {
"name": "dnsmasq-0:2.85-17.el9_6.1.src",
"product_id": "dnsmasq-0:2.85-17.el9_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-17.el9_6.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-17.el9_6.1.aarch64",
"product": {
"name": "dnsmasq-0:2.85-17.el9_6.1.aarch64",
"product_id": "dnsmasq-0:2.85-17.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-17.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"product": {
"name": "dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"product_id": "dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.85-17.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"product": {
"name": "dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"product_id": "dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.85-17.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"product": {
"name": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"product_id": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.85-17.el9_6.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"product_id": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.85-17.el9_6.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-17.el9_6.1.x86_64",
"product": {
"name": "dnsmasq-0:2.85-17.el9_6.1.x86_64",
"product_id": "dnsmasq-0:2.85-17.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-17.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"product": {
"name": "dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"product_id": "dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.85-17.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"product": {
"name": "dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"product_id": "dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.85-17.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"product": {
"name": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"product_id": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.85-17.el9_6.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64",
"product_id": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.85-17.el9_6.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"product": {
"name": "dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"product_id": "dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-17.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"product": {
"name": "dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"product_id": "dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.85-17.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"product": {
"name": "dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"product_id": "dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.85-17.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"product": {
"name": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"product_id": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.85-17.el9_6.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"product_id": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.85-17.el9_6.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-17.el9_6.1.s390x",
"product": {
"name": "dnsmasq-0:2.85-17.el9_6.1.s390x",
"product_id": "dnsmasq-0:2.85-17.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-17.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"product": {
"name": "dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"product_id": "dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.85-17.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"product": {
"name": "dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"product_id": "dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.85-17.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"product": {
"name": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"product_id": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.85-17.el9_6.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"product_id": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.85-17.el9_6.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-17.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64"
},
"product_reference": "dnsmasq-0:2.85-17.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-17.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le"
},
"product_reference": "dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-17.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x"
},
"product_reference": "dnsmasq-0:2.85-17.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-17.el9_6.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src"
},
"product_reference": "dnsmasq-0:2.85-17.el9_6.1.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-17.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64"
},
"product_reference": "dnsmasq-0:2.85-17.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64"
},
"product_reference": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le"
},
"product_reference": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x"
},
"product_reference": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64"
},
"product_reference": "dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64"
},
"product_reference": "dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le"
},
"product_reference": "dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x"
},
"product_reference": "dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64"
},
"product_reference": "dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.85-17.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64"
},
"product_reference": "dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le"
},
"product_reference": "dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.85-17.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x"
},
"product_reference": "dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.85-17.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64"
},
"product_reference": "dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Andrew Fasano"
],
"organization": "NIST"
}
],
"cve": "CVE-2026-2291",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-02-11T19:49:33.263000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439088"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow was discovered in dnsmasq\u0027s DNS cache. When processing DNS responses, dnsmasq expands certain characters into longer escape sequences, but the cache buffer is not sized to hold the expanded result. A specially crafted DNS response can overflow this buffer, potentially crashing the dnsmasq process or poisoning DNS cache records.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this issue as Moderate rather than Important. While DNS cache poisoning is possible, a process crash is the most likely outcome of a successful exploit. Also, standard upstream DNS resolvers reject the malformed responses before they reach dnsmasq, limiting exploitation to uncommon configurations where dnsmasq forwards directly to an attacker-controlled server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2291"
},
{
"category": "external",
"summary": "RHBZ#2439088",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439088"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2291",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2291"
}
],
"release_date": "2026-05-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T21:21:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34508"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion"
},
{
"cve": "CVE-2026-4890",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-04-14T22:32:21.880000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458516"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was discovered in dnsmasq\u0027s DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap can cause an infinite loop, making dnsmasq unresponsive to all queries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: NSEC bitmap parsing infinite loop",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects deployments with DNSSEC validation enabled (--dnssec). The flaw is reachable before RRSIG signature validation, meaning no valid DNSSEC signatures are required to trigger it. However, the primary impact is limited to denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4890"
},
{
"category": "external",
"summary": "RHBZ#2458516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458516"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4890"
},
{
"category": "external",
"summary": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html",
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"
}
],
"release_date": "2026-05-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T21:21:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34508"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dnsmasq: NSEC bitmap parsing infinite loop"
},
{
"cve": "CVE-2026-4891",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-04-14T22:39:35.826000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458517"
}
],
"notes": [
{
"category": "description",
"text": "A heap out-of-bounds read vulnerability was discovered in dnsmasq\u0027s DNSSEC validation. When processing RRSIG records, dnsmasq calculates the signature length by subtracting the fixed field size from the record\u0027s declared data length. A crafted RRSIG record with a data length smaller than the fixed fields causes this calculation to underflow, potentially resulting in an out-of-bounds read and process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: RRSIG rdlen underflow leading to heap OOB read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4891"
},
{
"category": "external",
"summary": "RHBZ#2458517",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458517"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4891",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4891"
},
{
"category": "external",
"summary": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html",
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"
}
],
"release_date": "2026-05-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T21:21:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34508"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dnsmasq: RRSIG rdlen underflow leading to heap OOB read"
},
{
"cve": "CVE-2026-4892",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2026-04-14T22:44:58.432000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458518"
}
],
"notes": [
{
"category": "description",
"text": "A heap buffer overflow was discovered in dnsmasq\u0027s DHCP script helper process. When processing DHCPv6 client identifiers (CLIDs), the helper hex-encodes the raw CLID bytes into a fixed-size buffer without length validation. Since DHCPv6 CLIDs can be up to 65,535 bytes, a crafted DHCPv6 packet can overflow the buffer with attacker-controlled content. The helper process runs with root privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: DHCPv6 CLID buffer overflow in helper process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as Important. The overflow occurs in a root-privileged helper process with attacker-controlled content, and the `--dhcp-script` option is enabled by default in libvirt virtual network configurations, which affects RHEL systems using virt-manager, virt-install, or cockpit-machines. Exploitation requires the attacker to send crafted DHCPv6 packets from within the virtual network, meaning a malicious VM guest could potentially exploit this for host-level code execution as root.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4892"
},
{
"category": "external",
"summary": "RHBZ#2458518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458518"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4892"
},
{
"category": "external",
"summary": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html",
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"
}
],
"release_date": "2026-05-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T21:21:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34508"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dnsmasq: DHCPv6 CLID buffer overflow in helper process"
},
{
"cve": "CVE-2026-4893",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2026-04-14T22:50:18.517000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458519"
}
],
"notes": [
{
"category": "description",
"text": "A validation bypass was discovered in dnsmasq\u0027s RFC 7871 client subnet (ECS) handling. When verifying ECS source information in DNS responses, dnsmasq passes the OPT record length instead of the full packet length to the validation function.This causes all internal bounds checks to fail, completely bypassing ECS source validation and allowing an attacker to spoof client subnet information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: Broken ECS source validation bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as Moderate. This issue affects deployments with the `--add-subnet` option enabled. The impact is limited to bypassing ECS source validation, which could allow cache manipulation scoped to specific subnets or minor information disclosure about network topology.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4893"
},
{
"category": "external",
"summary": "RHBZ#2458519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458519"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4893",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4893"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4893",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4893"
},
{
"category": "external",
"summary": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html",
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"
}
],
"release_date": "2026-05-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T21:21:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34508"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.src",
"AppStream-9.6.0.Z.EUS:dnsmasq-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debuginfo-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-debugsource-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-0:2.85-17.el9_6.1.x86_64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.aarch64",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.ppc64le",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.s390x",
"AppStream-9.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.85-17.el9_6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dnsmasq: Broken ECS source validation bypass"
}
]
}
SUSE-SU-2026:1934-1
Vulnerability from csaf_suse - Published: 2026-05-18 07:40 - Updated: 2026-05-18 07:40| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dnsmasq",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dnsmasq fixes the following issues\n\nSecurity issues:\n\n- CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001).\n- CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002).\n- CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003).\n- CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks\n (bsc#1265004).\n- CVE-2026-5172: buffer overflow in dnsmasq\u0027s extract_addresses() function (bsc#1265006).\n- CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).\n\nNon security issues:\n\n- Updated to security release 2.92rel2.\n- aardvark-dns upstream tests make dnsmasq dump core (bsc#1247812).\n- Drop rcFOO symlinks for CODE16 (jsc#PED-266).\n- libnettle: update to 4.0 breaks dnsmasq and gnutls (bsc#1257934).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1934,SUSE-SLE-Micro-5.3-2026-1934,SUSE-SLE-Micro-5.4-2026-1934,SUSE-SLE-Micro-5.5-2026-1934,SUSE-SLE-Module-Basesystem-15-SP7-2026-1934,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1934,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1934,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1934,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1934,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1934,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1934,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1934,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1934,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1934,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1934",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1934-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1934-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261934-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1934-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046549.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247812",
"url": "https://bugzilla.suse.com/1247812"
},
{
"category": "self",
"summary": "SUSE Bug 1257934",
"url": "https://bugzilla.suse.com/1257934"
},
{
"category": "self",
"summary": "SUSE Bug 1258251",
"url": "https://bugzilla.suse.com/1258251"
},
{
"category": "self",
"summary": "SUSE Bug 1262487",
"url": "https://bugzilla.suse.com/1262487"
},
{
"category": "self",
"summary": "SUSE Bug 1265001",
"url": "https://bugzilla.suse.com/1265001"
},
{
"category": "self",
"summary": "SUSE Bug 1265002",
"url": "https://bugzilla.suse.com/1265002"
},
{
"category": "self",
"summary": "SUSE Bug 1265003",
"url": "https://bugzilla.suse.com/1265003"
},
{
"category": "self",
"summary": "SUSE Bug 1265004",
"url": "https://bugzilla.suse.com/1265004"
},
{
"category": "self",
"summary": "SUSE Bug 1265006",
"url": "https://bugzilla.suse.com/1265006"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-2291 page",
"url": "https://www.suse.com/security/cve/CVE-2026-2291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4890 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4891 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4892 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4893 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-5172 page",
"url": "https://www.suse.com/security/cve/CVE-2026-5172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6507 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6507/"
}
],
"title": "Security update for dnsmasq",
"tracking": {
"current_release_date": "2026-05-18T07:40:10Z",
"generator": {
"date": "2026-05-18T07:40:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1934-1",
"initial_release_date": "2026-05-18T07:40:10Z",
"revision_history": [
{
"date": "2026-05-18T07:40:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"product": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"product_id": "dnsmasq-2.92rel2-150400.16.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-150400.16.12.1.aarch64",
"product": {
"name": "dnsmasq-utils-2.92rel2-150400.16.12.1.aarch64",
"product_id": "dnsmasq-utils-2.92rel2-150400.16.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-150400.16.12.1.i586",
"product": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.i586",
"product_id": "dnsmasq-2.92rel2-150400.16.12.1.i586"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-150400.16.12.1.i586",
"product": {
"name": "dnsmasq-utils-2.92rel2-150400.16.12.1.i586",
"product_id": "dnsmasq-utils-2.92rel2-150400.16.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"product": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"product_id": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-150400.16.12.1.ppc64le",
"product": {
"name": "dnsmasq-utils-2.92rel2-150400.16.12.1.ppc64le",
"product_id": "dnsmasq-utils-2.92rel2-150400.16.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-150400.16.12.1.s390x",
"product": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.s390x",
"product_id": "dnsmasq-2.92rel2-150400.16.12.1.s390x"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-150400.16.12.1.s390x",
"product": {
"name": "dnsmasq-utils-2.92rel2-150400.16.12.1.s390x",
"product_id": "dnsmasq-utils-2.92rel2-150400.16.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"product": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"product_id": "dnsmasq-2.92rel2-150400.16.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-150400.16.12.1.x86_64",
"product": {
"name": "dnsmasq-utils-2.92rel2-150400.16.12.1.x86_64",
"product_id": "dnsmasq-utils-2.92rel2-150400.16.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-150400.16.12.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-2291"
}
],
"notes": [
{
"category": "general",
"text": "dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-2291",
"url": "https://www.suse.com/security/cve/CVE-2026-2291"
},
{
"category": "external",
"summary": "SUSE Bug 1258251 for CVE-2026-2291",
"url": "https://bugzilla.suse.com/1258251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T07:40:10Z",
"details": "important"
}
],
"title": "CVE-2026-2291"
},
{
"cve": "CVE-2026-4890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4890"
}
],
"notes": [
{
"category": "general",
"text": "A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4890",
"url": "https://www.suse.com/security/cve/CVE-2026-4890"
},
{
"category": "external",
"summary": "SUSE Bug 1265001 for CVE-2026-4890",
"url": "https://bugzilla.suse.com/1265001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T07:40:10Z",
"details": "important"
}
],
"title": "CVE-2026-4890"
},
{
"cve": "CVE-2026-4891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4891"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4891",
"url": "https://www.suse.com/security/cve/CVE-2026-4891"
},
{
"category": "external",
"summary": "SUSE Bug 1265002 for CVE-2026-4891",
"url": "https://bugzilla.suse.com/1265002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T07:40:10Z",
"details": "moderate"
}
],
"title": "CVE-2026-4891"
},
{
"cve": "CVE-2026-4892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4892"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4892",
"url": "https://www.suse.com/security/cve/CVE-2026-4892"
},
{
"category": "external",
"summary": "SUSE Bug 1265003 for CVE-2026-4892",
"url": "https://bugzilla.suse.com/1265003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T07:40:10Z",
"details": "important"
}
],
"title": "CVE-2026-4892"
},
{
"cve": "CVE-2026-4893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4893"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4893",
"url": "https://www.suse.com/security/cve/CVE-2026-4893"
},
{
"category": "external",
"summary": "SUSE Bug 1265004 for CVE-2026-4893",
"url": "https://bugzilla.suse.com/1265004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T07:40:10Z",
"details": "moderate"
}
],
"title": "CVE-2026-4893"
},
{
"cve": "CVE-2026-5172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-5172"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in dnsmasq\u0027s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record\u0027s end.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-5172",
"url": "https://www.suse.com/security/cve/CVE-2026-5172"
},
{
"category": "external",
"summary": "SUSE Bug 1265006 for CVE-2026-5172",
"url": "https://bugzilla.suse.com/1265006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T07:40:10Z",
"details": "important"
}
],
"title": "CVE-2026-5172"
},
{
"cve": "CVE-2026-6507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6507"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6507",
"url": "https://www.suse.com/security/cve/CVE-2026-6507"
},
{
"category": "external",
"summary": "SUSE Bug 1262487 for CVE-2026-6507",
"url": "https://bugzilla.suse.com/1262487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.3:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:dnsmasq-2.92rel2-150400.16.12.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:dnsmasq-2.92rel2-150400.16.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-18T07:40:10Z",
"details": "important"
}
],
"title": "CVE-2026-6507"
}
]
}
SUSE-SU-2026:21640-1
Vulnerability from csaf_suse - Published: 2026-05-13 16:34 - Updated: 2026-05-13 16:34| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dnsmasq",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dnsmasq fixes the following issues\n\nSecurity issues:\n\n- CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect\n (bsc#1258251).\n- CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001).\n- CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002).\n- CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003).\n- CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks\n (bsc#1265004).\n- CVE-2026-5172: buffer overflow in dnsmasq\u0027s extract_addresses() function (bsc#1265006).\n- CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).\n\nNon security issues:\n\n- aardvark-dns upstream tests make dnsmasq dump core (bsc#1247812).\n- Drop rcFOO symlinks for CODE16 (jsc#PED-266.\n- libnettle: update to 4.0 breaks dnsmasq and gnutls (bsc#1257934).\n- unknown user or group: dnsmasq with latest proposed dnsmasq update when doing virsh net-start (bsc#1235517).\n- Update to security release 2.92rel2.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-742",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21640-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21640-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621640-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21640-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046474.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235517",
"url": "https://bugzilla.suse.com/1235517"
},
{
"category": "self",
"summary": "SUSE Bug 1235834",
"url": "https://bugzilla.suse.com/1235834"
},
{
"category": "self",
"summary": "SUSE Bug 1247812",
"url": "https://bugzilla.suse.com/1247812"
},
{
"category": "self",
"summary": "SUSE Bug 1257934",
"url": "https://bugzilla.suse.com/1257934"
},
{
"category": "self",
"summary": "SUSE Bug 1258251",
"url": "https://bugzilla.suse.com/1258251"
},
{
"category": "self",
"summary": "SUSE Bug 1262487",
"url": "https://bugzilla.suse.com/1262487"
},
{
"category": "self",
"summary": "SUSE Bug 1265001",
"url": "https://bugzilla.suse.com/1265001"
},
{
"category": "self",
"summary": "SUSE Bug 1265002",
"url": "https://bugzilla.suse.com/1265002"
},
{
"category": "self",
"summary": "SUSE Bug 1265003",
"url": "https://bugzilla.suse.com/1265003"
},
{
"category": "self",
"summary": "SUSE Bug 1265004",
"url": "https://bugzilla.suse.com/1265004"
},
{
"category": "self",
"summary": "SUSE Bug 1265006",
"url": "https://bugzilla.suse.com/1265006"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-2291 page",
"url": "https://www.suse.com/security/cve/CVE-2026-2291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4890 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4891 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4892 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4893 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-5172 page",
"url": "https://www.suse.com/security/cve/CVE-2026-5172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6507 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6507/"
}
],
"title": "Security update for dnsmasq",
"tracking": {
"current_release_date": "2026-05-13T16:34:00Z",
"generator": {
"date": "2026-05-13T16:34:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21640-1",
"initial_release_date": "2026-05-13T16:34:00Z",
"revision_history": [
{
"date": "2026-05-13T16:34:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-160000.1.1.aarch64",
"product": {
"name": "dnsmasq-2.92rel2-160000.1.1.aarch64",
"product_id": "dnsmasq-2.92rel2-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-160000.1.1.ppc64le",
"product": {
"name": "dnsmasq-2.92rel2-160000.1.1.ppc64le",
"product_id": "dnsmasq-2.92rel2-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-160000.1.1.s390x",
"product": {
"name": "dnsmasq-2.92rel2-160000.1.1.s390x",
"product_id": "dnsmasq-2.92rel2-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-160000.1.1.x86_64",
"product": {
"name": "dnsmasq-2.92rel2-160000.1.1.x86_64",
"product_id": "dnsmasq-2.92rel2-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-160000.1.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-160000.1.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-160000.1.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-2291"
}
],
"notes": [
{
"category": "general",
"text": "dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-2291",
"url": "https://www.suse.com/security/cve/CVE-2026-2291"
},
{
"category": "external",
"summary": "SUSE Bug 1258251 for CVE-2026-2291",
"url": "https://bugzilla.suse.com/1258251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "important"
}
],
"title": "CVE-2026-2291"
},
{
"cve": "CVE-2026-4890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4890"
}
],
"notes": [
{
"category": "general",
"text": "A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4890",
"url": "https://www.suse.com/security/cve/CVE-2026-4890"
},
{
"category": "external",
"summary": "SUSE Bug 1265001 for CVE-2026-4890",
"url": "https://bugzilla.suse.com/1265001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "important"
}
],
"title": "CVE-2026-4890"
},
{
"cve": "CVE-2026-4891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4891"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4891",
"url": "https://www.suse.com/security/cve/CVE-2026-4891"
},
{
"category": "external",
"summary": "SUSE Bug 1265002 for CVE-2026-4891",
"url": "https://bugzilla.suse.com/1265002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-4891"
},
{
"cve": "CVE-2026-4892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4892"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4892",
"url": "https://www.suse.com/security/cve/CVE-2026-4892"
},
{
"category": "external",
"summary": "SUSE Bug 1265003 for CVE-2026-4892",
"url": "https://bugzilla.suse.com/1265003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "important"
}
],
"title": "CVE-2026-4892"
},
{
"cve": "CVE-2026-4893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4893"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4893",
"url": "https://www.suse.com/security/cve/CVE-2026-4893"
},
{
"category": "external",
"summary": "SUSE Bug 1265004 for CVE-2026-4893",
"url": "https://bugzilla.suse.com/1265004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-4893"
},
{
"cve": "CVE-2026-5172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-5172"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in dnsmasq\u0027s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record\u0027s end.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-5172",
"url": "https://www.suse.com/security/cve/CVE-2026-5172"
},
{
"category": "external",
"summary": "SUSE Bug 1265006 for CVE-2026-5172",
"url": "https://bugzilla.suse.com/1265006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "important"
}
],
"title": "CVE-2026-5172"
},
{
"cve": "CVE-2026-6507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6507"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6507",
"url": "https://www.suse.com/security/cve/CVE-2026-6507"
},
{
"category": "external",
"summary": "SUSE Bug 1262487 for CVE-2026-6507",
"url": "https://bugzilla.suse.com/1262487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Micro 6.2:dnsmasq-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "important"
}
],
"title": "CVE-2026-6507"
}
]
}
SUSE-SU-2026:21677-1
Vulnerability from csaf_suse - Published: 2026-05-15 10:44 - Updated: 2026-05-15 10:44| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dnsmasq",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dnsmasq fixes the following issues\n\nSecurity issues:\n\n- CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect\n (bsc#1258251).\n- CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001).\n- CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002).\n- CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003).\n- CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks\n (bsc#1265004).\n- CVE-2026-5172: buffer overflow in dnsmasq\u0027s extract_addresses() function (bsc#1265006).\n- CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).\n\nNon security issues:\n\n- aardvark-dns upstream tests make dnsmasq dump core (bsc#1247812).\n- Drop rcFOO symlinks for CODE16 (jsc#PED-266).\n- libnettle: update to 4.0 breaks dnsmasq and gnutls (bsc#1257934).\n\nChanges for dnsmasq:\n\n- Update to security release 2.92rel2\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-709",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21677-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21677-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621677-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21677-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046590.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247812",
"url": "https://bugzilla.suse.com/1247812"
},
{
"category": "self",
"summary": "SUSE Bug 1257934",
"url": "https://bugzilla.suse.com/1257934"
},
{
"category": "self",
"summary": "SUSE Bug 1258251",
"url": "https://bugzilla.suse.com/1258251"
},
{
"category": "self",
"summary": "SUSE Bug 1262487",
"url": "https://bugzilla.suse.com/1262487"
},
{
"category": "self",
"summary": "SUSE Bug 1265001",
"url": "https://bugzilla.suse.com/1265001"
},
{
"category": "self",
"summary": "SUSE Bug 1265002",
"url": "https://bugzilla.suse.com/1265002"
},
{
"category": "self",
"summary": "SUSE Bug 1265003",
"url": "https://bugzilla.suse.com/1265003"
},
{
"category": "self",
"summary": "SUSE Bug 1265004",
"url": "https://bugzilla.suse.com/1265004"
},
{
"category": "self",
"summary": "SUSE Bug 1265006",
"url": "https://bugzilla.suse.com/1265006"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-2291 page",
"url": "https://www.suse.com/security/cve/CVE-2026-2291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4890 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4891 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4892 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4893 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-5172 page",
"url": "https://www.suse.com/security/cve/CVE-2026-5172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6507 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6507/"
}
],
"title": "Security update for dnsmasq",
"tracking": {
"current_release_date": "2026-05-15T10:44:28Z",
"generator": {
"date": "2026-05-15T10:44:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21677-1",
"initial_release_date": "2026-05-15T10:44:28Z",
"revision_history": [
{
"date": "2026-05-15T10:44:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-1.1.aarch64",
"product": {
"name": "dnsmasq-2.92rel2-1.1.aarch64",
"product_id": "dnsmasq-2.92rel2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-1.1.s390x",
"product": {
"name": "dnsmasq-2.92rel2-1.1.s390x",
"product_id": "dnsmasq-2.92rel2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-1.1.x86_64",
"product": {
"name": "dnsmasq-2.92rel2-1.1.x86_64",
"product_id": "dnsmasq-2.92rel2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-2291"
}
],
"notes": [
{
"category": "general",
"text": "dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-2291",
"url": "https://www.suse.com/security/cve/CVE-2026-2291"
},
{
"category": "external",
"summary": "SUSE Bug 1258251 for CVE-2026-2291",
"url": "https://bugzilla.suse.com/1258251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-15T10:44:28Z",
"details": "important"
}
],
"title": "CVE-2026-2291"
},
{
"cve": "CVE-2026-4890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4890"
}
],
"notes": [
{
"category": "general",
"text": "A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4890",
"url": "https://www.suse.com/security/cve/CVE-2026-4890"
},
{
"category": "external",
"summary": "SUSE Bug 1265001 for CVE-2026-4890",
"url": "https://bugzilla.suse.com/1265001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-15T10:44:28Z",
"details": "important"
}
],
"title": "CVE-2026-4890"
},
{
"cve": "CVE-2026-4891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4891"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4891",
"url": "https://www.suse.com/security/cve/CVE-2026-4891"
},
{
"category": "external",
"summary": "SUSE Bug 1265002 for CVE-2026-4891",
"url": "https://bugzilla.suse.com/1265002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-15T10:44:28Z",
"details": "moderate"
}
],
"title": "CVE-2026-4891"
},
{
"cve": "CVE-2026-4892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4892"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4892",
"url": "https://www.suse.com/security/cve/CVE-2026-4892"
},
{
"category": "external",
"summary": "SUSE Bug 1265003 for CVE-2026-4892",
"url": "https://bugzilla.suse.com/1265003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-15T10:44:28Z",
"details": "important"
}
],
"title": "CVE-2026-4892"
},
{
"cve": "CVE-2026-4893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4893"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4893",
"url": "https://www.suse.com/security/cve/CVE-2026-4893"
},
{
"category": "external",
"summary": "SUSE Bug 1265004 for CVE-2026-4893",
"url": "https://bugzilla.suse.com/1265004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-15T10:44:28Z",
"details": "moderate"
}
],
"title": "CVE-2026-4893"
},
{
"cve": "CVE-2026-5172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-5172"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in dnsmasq\u0027s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record\u0027s end.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-5172",
"url": "https://www.suse.com/security/cve/CVE-2026-5172"
},
{
"category": "external",
"summary": "SUSE Bug 1265006 for CVE-2026-5172",
"url": "https://bugzilla.suse.com/1265006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-15T10:44:28Z",
"details": "important"
}
],
"title": "CVE-2026-5172"
},
{
"cve": "CVE-2026-6507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6507"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6507",
"url": "https://www.suse.com/security/cve/CVE-2026-6507"
},
{
"category": "external",
"summary": "SUSE Bug 1262487 for CVE-2026-6507",
"url": "https://bugzilla.suse.com/1262487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.aarch64",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.s390x",
"SUSE Linux Micro 6.0:dnsmasq-2.92rel2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-15T10:44:28Z",
"details": "important"
}
],
"title": "CVE-2026-6507"
}
]
}
SUSE-SU-2026:21733-1
Vulnerability from csaf_suse - Published: 2026-05-19 11:42 - Updated: 2026-05-19 11:42| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dnsmasq",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dnsmasq fixes the following issues\n\nSecurity issues:\n\n- CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect\n (bsc#1258251).\n- CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001).\n- CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002).\n- CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003).\n- CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks\n (bsc#1265004).\n- CVE-2026-5172: buffer overflow in dnsmasq\u0027s extract_addresses() function (bsc#1265006).\n- CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).\n\nNon security issues:\n\n- aardvark-dns upstream tests make dnsmasq dump core (bsc#1247812).\n- Drop rcFOO symlinks for CODE16 (jsc#PED-266).\n- libnettle: update to 4.0 breaks dnsmasq and gnutls (bsc#1257934).\n\nChanges for dnsmasq:\n\n- Update to security release 2.92rel2\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-533",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21733-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21733-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621733-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21733-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046715.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247812",
"url": "https://bugzilla.suse.com/1247812"
},
{
"category": "self",
"summary": "SUSE Bug 1257934",
"url": "https://bugzilla.suse.com/1257934"
},
{
"category": "self",
"summary": "SUSE Bug 1258251",
"url": "https://bugzilla.suse.com/1258251"
},
{
"category": "self",
"summary": "SUSE Bug 1262487",
"url": "https://bugzilla.suse.com/1262487"
},
{
"category": "self",
"summary": "SUSE Bug 1265001",
"url": "https://bugzilla.suse.com/1265001"
},
{
"category": "self",
"summary": "SUSE Bug 1265002",
"url": "https://bugzilla.suse.com/1265002"
},
{
"category": "self",
"summary": "SUSE Bug 1265003",
"url": "https://bugzilla.suse.com/1265003"
},
{
"category": "self",
"summary": "SUSE Bug 1265004",
"url": "https://bugzilla.suse.com/1265004"
},
{
"category": "self",
"summary": "SUSE Bug 1265006",
"url": "https://bugzilla.suse.com/1265006"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-2291 page",
"url": "https://www.suse.com/security/cve/CVE-2026-2291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4890 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4891 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4892 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4893 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-5172 page",
"url": "https://www.suse.com/security/cve/CVE-2026-5172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6507 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6507/"
}
],
"title": "Security update for dnsmasq",
"tracking": {
"current_release_date": "2026-05-19T11:42:27Z",
"generator": {
"date": "2026-05-19T11:42:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21733-1",
"initial_release_date": "2026-05-19T11:42:27Z",
"revision_history": [
{
"date": "2026-05-19T11:42:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"product": {
"name": "dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"product_id": "dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"product": {
"name": "dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"product_id": "dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"product": {
"name": "dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"product_id": "dnsmasq-2.92rel2-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64",
"product": {
"name": "dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64",
"product_id": "dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-2291"
}
],
"notes": [
{
"category": "general",
"text": "dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-2291",
"url": "https://www.suse.com/security/cve/CVE-2026-2291"
},
{
"category": "external",
"summary": "SUSE Bug 1258251 for CVE-2026-2291",
"url": "https://bugzilla.suse.com/1258251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:42:27Z",
"details": "important"
}
],
"title": "CVE-2026-2291"
},
{
"cve": "CVE-2026-4890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4890"
}
],
"notes": [
{
"category": "general",
"text": "A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4890",
"url": "https://www.suse.com/security/cve/CVE-2026-4890"
},
{
"category": "external",
"summary": "SUSE Bug 1265001 for CVE-2026-4890",
"url": "https://bugzilla.suse.com/1265001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:42:27Z",
"details": "important"
}
],
"title": "CVE-2026-4890"
},
{
"cve": "CVE-2026-4891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4891"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4891",
"url": "https://www.suse.com/security/cve/CVE-2026-4891"
},
{
"category": "external",
"summary": "SUSE Bug 1265002 for CVE-2026-4891",
"url": "https://bugzilla.suse.com/1265002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:42:27Z",
"details": "moderate"
}
],
"title": "CVE-2026-4891"
},
{
"cve": "CVE-2026-4892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4892"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4892",
"url": "https://www.suse.com/security/cve/CVE-2026-4892"
},
{
"category": "external",
"summary": "SUSE Bug 1265003 for CVE-2026-4892",
"url": "https://bugzilla.suse.com/1265003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:42:27Z",
"details": "important"
}
],
"title": "CVE-2026-4892"
},
{
"cve": "CVE-2026-4893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4893"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4893",
"url": "https://www.suse.com/security/cve/CVE-2026-4893"
},
{
"category": "external",
"summary": "SUSE Bug 1265004 for CVE-2026-4893",
"url": "https://bugzilla.suse.com/1265004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:42:27Z",
"details": "moderate"
}
],
"title": "CVE-2026-4893"
},
{
"cve": "CVE-2026-5172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-5172"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in dnsmasq\u0027s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record\u0027s end.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-5172",
"url": "https://www.suse.com/security/cve/CVE-2026-5172"
},
{
"category": "external",
"summary": "SUSE Bug 1265006 for CVE-2026-5172",
"url": "https://bugzilla.suse.com/1265006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:42:27Z",
"details": "important"
}
],
"title": "CVE-2026-5172"
},
{
"cve": "CVE-2026-6507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6507"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6507",
"url": "https://www.suse.com/security/cve/CVE-2026-6507"
},
{
"category": "external",
"summary": "SUSE Bug 1262487 for CVE-2026-6507",
"url": "https://bugzilla.suse.com/1262487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:dnsmasq-2.92rel2-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-19T11:42:27Z",
"details": "important"
}
],
"title": "CVE-2026-6507"
}
]
}
SUSE-SU-2026:21788-1
Vulnerability from csaf_suse - Published: 2026-05-13 16:34 - Updated: 2026-05-13 16:34| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dnsmasq",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dnsmasq fixes the following issues\n\nSecurity issues:\n\n- CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect\n (bsc#1258251).\n- CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001).\n- CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002).\n- CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003).\n- CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks\n (bsc#1265004).\n- CVE-2026-5172: buffer overflow in dnsmasq\u0027s extract_addresses() function (bsc#1265006).\n- CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).\n\nNon security issues:\n\n- aardvark-dns upstream tests make dnsmasq dump core (bsc#1247812).\n- Drop rcFOO symlinks for CODE16 (jsc#PED-266.\n- libnettle: update to 4.0 breaks dnsmasq and gnutls (bsc#1257934).\n- unknown user or group: dnsmasq with latest proposed dnsmasq update when doing virsh net-start (bsc#1235517).\n- Update to security release 2.92rel2.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-742",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21788-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21788-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621788-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21788-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-May/046825.html"
},
{
"category": "self",
"summary": "SUSE Bug 1235517",
"url": "https://bugzilla.suse.com/1235517"
},
{
"category": "self",
"summary": "SUSE Bug 1235834",
"url": "https://bugzilla.suse.com/1235834"
},
{
"category": "self",
"summary": "SUSE Bug 1247812",
"url": "https://bugzilla.suse.com/1247812"
},
{
"category": "self",
"summary": "SUSE Bug 1257934",
"url": "https://bugzilla.suse.com/1257934"
},
{
"category": "self",
"summary": "SUSE Bug 1258251",
"url": "https://bugzilla.suse.com/1258251"
},
{
"category": "self",
"summary": "SUSE Bug 1262487",
"url": "https://bugzilla.suse.com/1262487"
},
{
"category": "self",
"summary": "SUSE Bug 1265001",
"url": "https://bugzilla.suse.com/1265001"
},
{
"category": "self",
"summary": "SUSE Bug 1265002",
"url": "https://bugzilla.suse.com/1265002"
},
{
"category": "self",
"summary": "SUSE Bug 1265003",
"url": "https://bugzilla.suse.com/1265003"
},
{
"category": "self",
"summary": "SUSE Bug 1265004",
"url": "https://bugzilla.suse.com/1265004"
},
{
"category": "self",
"summary": "SUSE Bug 1265006",
"url": "https://bugzilla.suse.com/1265006"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-2291 page",
"url": "https://www.suse.com/security/cve/CVE-2026-2291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4890 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4891 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4892 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4893 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-5172 page",
"url": "https://www.suse.com/security/cve/CVE-2026-5172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6507 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6507/"
}
],
"title": "Security update for dnsmasq",
"tracking": {
"current_release_date": "2026-05-13T16:34:00Z",
"generator": {
"date": "2026-05-13T16:34:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21788-1",
"initial_release_date": "2026-05-13T16:34:00Z",
"revision_history": [
{
"date": "2026-05-13T16:34:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-160000.1.1.aarch64",
"product": {
"name": "dnsmasq-2.92rel2-160000.1.1.aarch64",
"product_id": "dnsmasq-2.92rel2-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"product": {
"name": "dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"product_id": "dnsmasq-utils-2.92rel2-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-160000.1.1.ppc64le",
"product": {
"name": "dnsmasq-2.92rel2-160000.1.1.ppc64le",
"product_id": "dnsmasq-2.92rel2-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"product": {
"name": "dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"product_id": "dnsmasq-utils-2.92rel2-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-160000.1.1.s390x",
"product": {
"name": "dnsmasq-2.92rel2-160000.1.1.s390x",
"product_id": "dnsmasq-2.92rel2-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"product": {
"name": "dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"product_id": "dnsmasq-utils-2.92rel2-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-160000.1.1.x86_64",
"product": {
"name": "dnsmasq-2.92rel2-160000.1.1.x86_64",
"product_id": "dnsmasq-2.92rel2-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"product": {
"name": "dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"product_id": "dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.92rel2-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64"
},
"product_reference": "dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.92rel2-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le"
},
"product_reference": "dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.92rel2-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x"
},
"product_reference": "dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.92rel2-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
},
"product_reference": "dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.92rel2-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64"
},
"product_reference": "dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.92rel2-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le"
},
"product_reference": "dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.92rel2-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x"
},
"product_reference": "dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.92rel2-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
},
"product_reference": "dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-2291"
}
],
"notes": [
{
"category": "general",
"text": "dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-2291",
"url": "https://www.suse.com/security/cve/CVE-2026-2291"
},
{
"category": "external",
"summary": "SUSE Bug 1258251 for CVE-2026-2291",
"url": "https://bugzilla.suse.com/1258251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "important"
}
],
"title": "CVE-2026-2291"
},
{
"cve": "CVE-2026-4890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4890"
}
],
"notes": [
{
"category": "general",
"text": "A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4890",
"url": "https://www.suse.com/security/cve/CVE-2026-4890"
},
{
"category": "external",
"summary": "SUSE Bug 1265001 for CVE-2026-4890",
"url": "https://bugzilla.suse.com/1265001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "important"
}
],
"title": "CVE-2026-4890"
},
{
"cve": "CVE-2026-4891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4891"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4891",
"url": "https://www.suse.com/security/cve/CVE-2026-4891"
},
{
"category": "external",
"summary": "SUSE Bug 1265002 for CVE-2026-4891",
"url": "https://bugzilla.suse.com/1265002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-4891"
},
{
"cve": "CVE-2026-4892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4892"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4892",
"url": "https://www.suse.com/security/cve/CVE-2026-4892"
},
{
"category": "external",
"summary": "SUSE Bug 1265003 for CVE-2026-4892",
"url": "https://bugzilla.suse.com/1265003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "important"
}
],
"title": "CVE-2026-4892"
},
{
"cve": "CVE-2026-4893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4893"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4893",
"url": "https://www.suse.com/security/cve/CVE-2026-4893"
},
{
"category": "external",
"summary": "SUSE Bug 1265004 for CVE-2026-4893",
"url": "https://bugzilla.suse.com/1265004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-4893"
},
{
"cve": "CVE-2026-5172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-5172"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in dnsmasq\u0027s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record\u0027s end.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-5172",
"url": "https://www.suse.com/security/cve/CVE-2026-5172"
},
{
"category": "external",
"summary": "SUSE Bug 1265006 for CVE-2026-5172",
"url": "https://bugzilla.suse.com/1265006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "important"
}
],
"title": "CVE-2026-5172"
},
{
"cve": "CVE-2026-6507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6507"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6507",
"url": "https://www.suse.com/security/cve/CVE-2026-6507"
},
{
"category": "external",
"summary": "SUSE Bug 1262487 for CVE-2026-6507",
"url": "https://bugzilla.suse.com/1262487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-2.92rel2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:dnsmasq-utils-2.92rel2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-13T16:34:00Z",
"details": "important"
}
],
"title": "CVE-2026-6507"
}
]
}
SUSE-SU-2026:2458-1
Vulnerability from csaf_suse - Published: 2026-06-18 15:54 - Updated: 2026-06-18 15:54| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dnsmasq",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dnsmasq fixes the following issues\n\n- CVE-2026-2291: VU#471747: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect\n (bsc#1258251).\n- CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001).\n- CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002).\n- CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003).\n- CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks\n (bsc#1265004).\n- CVE-2026-5172: buffer overflow in dnsmasq\u0027s extract_addresses() function (bsc#1265006).\n- CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).\n \nChanges for dnsmasq:\n\n- Update to security release 2.92rel2.\n- Fix setting of compile time options from the spec file.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2458,SUSE-SLE-SERVER-12-SP5-LTSS-2026-2458,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2458",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2458-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2458-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262458-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2458-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026830.html"
},
{
"category": "self",
"summary": "SUSE Bug 1258251",
"url": "https://bugzilla.suse.com/1258251"
},
{
"category": "self",
"summary": "SUSE Bug 1262487",
"url": "https://bugzilla.suse.com/1262487"
},
{
"category": "self",
"summary": "SUSE Bug 1265001",
"url": "https://bugzilla.suse.com/1265001"
},
{
"category": "self",
"summary": "SUSE Bug 1265002",
"url": "https://bugzilla.suse.com/1265002"
},
{
"category": "self",
"summary": "SUSE Bug 1265003",
"url": "https://bugzilla.suse.com/1265003"
},
{
"category": "self",
"summary": "SUSE Bug 1265004",
"url": "https://bugzilla.suse.com/1265004"
},
{
"category": "self",
"summary": "SUSE Bug 1265006",
"url": "https://bugzilla.suse.com/1265006"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-2291 page",
"url": "https://www.suse.com/security/cve/CVE-2026-2291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4890 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4891 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4891/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4892 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4893 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-5172 page",
"url": "https://www.suse.com/security/cve/CVE-2026-5172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-6507 page",
"url": "https://www.suse.com/security/cve/CVE-2026-6507/"
}
],
"title": "Security update for dnsmasq",
"tracking": {
"current_release_date": "2026-06-18T15:54:25Z",
"generator": {
"date": "2026-06-18T15:54:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2458-1",
"initial_release_date": "2026-06-18T15:54:25Z",
"revision_history": [
{
"date": "2026-06-18T15:54:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-18.27.1.aarch64",
"product": {
"name": "dnsmasq-2.92rel2-18.27.1.aarch64",
"product_id": "dnsmasq-2.92rel2-18.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-18.27.1.aarch64",
"product": {
"name": "dnsmasq-utils-2.92rel2-18.27.1.aarch64",
"product_id": "dnsmasq-utils-2.92rel2-18.27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-18.27.1.i586",
"product": {
"name": "dnsmasq-2.92rel2-18.27.1.i586",
"product_id": "dnsmasq-2.92rel2-18.27.1.i586"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-18.27.1.i586",
"product": {
"name": "dnsmasq-utils-2.92rel2-18.27.1.i586",
"product_id": "dnsmasq-utils-2.92rel2-18.27.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-18.27.1.ppc64le",
"product": {
"name": "dnsmasq-2.92rel2-18.27.1.ppc64le",
"product_id": "dnsmasq-2.92rel2-18.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-18.27.1.ppc64le",
"product": {
"name": "dnsmasq-utils-2.92rel2-18.27.1.ppc64le",
"product_id": "dnsmasq-utils-2.92rel2-18.27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-18.27.1.s390",
"product": {
"name": "dnsmasq-2.92rel2-18.27.1.s390",
"product_id": "dnsmasq-2.92rel2-18.27.1.s390"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-18.27.1.s390",
"product": {
"name": "dnsmasq-utils-2.92rel2-18.27.1.s390",
"product_id": "dnsmasq-utils-2.92rel2-18.27.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-18.27.1.s390x",
"product": {
"name": "dnsmasq-2.92rel2-18.27.1.s390x",
"product_id": "dnsmasq-2.92rel2-18.27.1.s390x"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-18.27.1.s390x",
"product": {
"name": "dnsmasq-utils-2.92rel2-18.27.1.s390x",
"product_id": "dnsmasq-utils-2.92rel2-18.27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.92rel2-18.27.1.x86_64",
"product": {
"name": "dnsmasq-2.92rel2-18.27.1.x86_64",
"product_id": "dnsmasq-2.92rel2-18.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.92rel2-18.27.1.x86_64",
"product": {
"name": "dnsmasq-utils-2.92rel2-18.27.1.x86_64",
"product_id": "dnsmasq-utils-2.92rel2-18.27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-18.27.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-18.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-18.27.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-18.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-18.27.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-18.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-18.27.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-18.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-18.27.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64"
},
"product_reference": "dnsmasq-2.92rel2-18.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-18.27.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le"
},
"product_reference": "dnsmasq-2.92rel2-18.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-18.27.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x"
},
"product_reference": "dnsmasq-2.92rel2-18.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-18.27.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-18.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.92rel2-18.27.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
},
"product_reference": "dnsmasq-2.92rel2-18.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-2291"
}
],
"notes": [
{
"category": "general",
"text": "dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-2291",
"url": "https://www.suse.com/security/cve/CVE-2026-2291"
},
{
"category": "external",
"summary": "SUSE Bug 1258251 for CVE-2026-2291",
"url": "https://bugzilla.suse.com/1258251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T15:54:25Z",
"details": "important"
}
],
"title": "CVE-2026-2291"
},
{
"cve": "CVE-2026-4890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4890"
}
],
"notes": [
{
"category": "general",
"text": "A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4890",
"url": "https://www.suse.com/security/cve/CVE-2026-4890"
},
{
"category": "external",
"summary": "SUSE Bug 1265001 for CVE-2026-4890",
"url": "https://bugzilla.suse.com/1265001"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T15:54:25Z",
"details": "important"
}
],
"title": "CVE-2026-4890"
},
{
"cve": "CVE-2026-4891",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4891"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4891",
"url": "https://www.suse.com/security/cve/CVE-2026-4891"
},
{
"category": "external",
"summary": "SUSE Bug 1265002 for CVE-2026-4891",
"url": "https://bugzilla.suse.com/1265002"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T15:54:25Z",
"details": "moderate"
}
],
"title": "CVE-2026-4891"
},
{
"cve": "CVE-2026-4892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4892"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4892",
"url": "https://www.suse.com/security/cve/CVE-2026-4892"
},
{
"category": "external",
"summary": "SUSE Bug 1265003 for CVE-2026-4892",
"url": "https://bugzilla.suse.com/1265003"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T15:54:25Z",
"details": "important"
}
],
"title": "CVE-2026-4892"
},
{
"cve": "CVE-2026-4893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4893"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4893",
"url": "https://www.suse.com/security/cve/CVE-2026-4893"
},
{
"category": "external",
"summary": "SUSE Bug 1265004 for CVE-2026-4893",
"url": "https://bugzilla.suse.com/1265004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T15:54:25Z",
"details": "moderate"
}
],
"title": "CVE-2026-4893"
},
{
"cve": "CVE-2026-5172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-5172"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow in dnsmasq\u0027s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record\u0027s end.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-5172",
"url": "https://www.suse.com/security/cve/CVE-2026-5172"
},
{
"category": "external",
"summary": "SUSE Bug 1265006 for CVE-2026-5172",
"url": "https://bugzilla.suse.com/1265006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T15:54:25Z",
"details": "important"
}
],
"title": "CVE-2026-5172"
},
{
"cve": "CVE-2026-6507",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-6507"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-6507",
"url": "https://www.suse.com/security/cve/CVE-2026-6507"
},
{
"category": "external",
"summary": "SUSE Bug 1262487 for CVE-2026-6507",
"url": "https://bugzilla.suse.com/1262487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:dnsmasq-2.92rel2-18.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-18T15:54:25Z",
"details": "important"
}
],
"title": "CVE-2026-6507"
}
]
}
WID-SEC-W-2026-1468
Vulnerability from csaf_certbund - Published: 2026-05-11 22:00 - Updated: 2026-06-10 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source dnsmasq <2.92rel2
Open Source / dnsmasq
|
<2.92rel2 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source dnsmasq <2.92rel2
Open Source / dnsmasq
|
<2.92rel2 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source dnsmasq <2.92rel2
Open Source / dnsmasq
|
<2.92rel2 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source dnsmasq <2.92rel2
Open Source / dnsmasq
|
<2.92rel2 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source dnsmasq <2.92rel2
Open Source / dnsmasq
|
<2.92rel2 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source dnsmasq <2.92rel2
Open Source / dnsmasq
|
<2.92rel2 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Dnsmasq ist ein leichtgewichtiger DNS- und DHCP Server.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in dnsmasq ausnutzen, um einen Denial-of-Service-Zustand zu verursachen, beliebigen Code mit Root-Rechten auszuf\u00fchren, vertrauliche Informationen offenzulegen, Daten zu manipulieren und Benutzer auf b\u00f6sartige Domains umzuleiten",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1468 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1468.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1468 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1468"
},
{
"category": "external",
"summary": "CERT Coordination Center vom 2026-05-11",
"url": "https://www.kb.cert.org/vuls/id/471747"
},
{
"category": "external",
"summary": "dnsmasq Changelog vom 2026-05-11",
"url": "https://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6264 vom 2026-05-11",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00175.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-AC5CCEEC13 vom 2026-05-12",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-ac5cceec13"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-6384A3CF14 vom 2026-05-12",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-6384a3cf14"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1827-1 vom 2026-05-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026015.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8268-1 vom 2026-05-13",
"url": "https://ubuntu.com/security/notices/USN-8268-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1826-1 vom 2026-05-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026016.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1828-1 vom 2026-05-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026014.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21640-1 vom 2026-05-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026052.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21626-1 vom 2026-05-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026066.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21633-1 vom 2026-05-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026059.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1934-1 vom 2026-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026121.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20748-1 vom 2026-05-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RQFO6J45PPUW5LJFB2HSLIVIAQLUV75Z/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21677-1 vom 2026-05-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026158.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19373 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19373"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19158 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:19158"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10821-1 vom 2026-05-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZVZVK3B6N4KRDHO7EXWKA5KSCH5VKF5K/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21733-1 vom 2026-05-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026266.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20589 vom 2026-05-26",
"url": "https://access.redhat.com/errata/RHSA-2026:20589"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-20589 vom 2026-05-26",
"url": "https://linux.oracle.com/errata/ELSA-2026-20589.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3318 vom 2026-05-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3318.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2DNSMASQ-2026-004 vom 2026-05-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS2DNSMASQ-2026-004.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21788-1 vom 2026-05-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026352.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:20589 vom 2026-05-29",
"url": "https://errata.build.resf.org/RLSA-2026:20589"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4625 vom 2026-06-10",
"url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00014.html"
}
],
"source_lang": "en-US",
"title": "dnsmasq: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-10T22:00:00.000+00:00",
"generator": {
"date": "2026-06-11T10:21:22.521+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1468",
"initial_release_date": "2026-05-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-12T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2026-05-17T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2026-05-21T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2026-05-26T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux und Amazon aufgenommen"
},
{
"date": "2026-05-27T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-28T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-06-10T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Debian aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.92rel2",
"product": {
"name": "Open Source dnsmasq \u003c2.92rel2",
"product_id": "T053807"
}
},
{
"category": "product_version",
"name": "2.92rel2",
"product": {
"name": "Open Source dnsmasq 2.92rel2",
"product_id": "T053807-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dnsmasq:dnsmasq:2.92rel2"
}
}
}
],
"category": "product_name",
"name": "dnsmasq"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2291",
"product_status": {
"known_affected": [
"T053807",
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-05-11T22:00:00.000+00:00",
"title": "CVE-2026-2291"
},
{
"cve": "CVE-2026-4892",
"product_status": {
"known_affected": [
"T053807",
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-05-11T22:00:00.000+00:00",
"title": "CVE-2026-4892"
},
{
"cve": "CVE-2026-4893",
"product_status": {
"known_affected": [
"T053807",
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-05-11T22:00:00.000+00:00",
"title": "CVE-2026-4893"
},
{
"cve": "CVE-2026-5172",
"product_status": {
"known_affected": [
"T053807",
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-05-11T22:00:00.000+00:00",
"title": "CVE-2026-5172"
},
{
"cve": "CVE-2026-4891",
"product_status": {
"known_affected": [
"T053807",
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-05-11T22:00:00.000+00:00",
"title": "CVE-2026-4891"
},
{
"cve": "CVE-2026-4890",
"product_status": {
"known_affected": [
"T053807",
"2951",
"T002207",
"67646",
"T000126",
"T027843",
"398363",
"T004914",
"T032255",
"74185"
]
},
"release_date": "2026-05-11T22:00:00.000+00:00",
"title": "CVE-2026-4890"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.