ALSA-2026:19158
See a problem?- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:19158.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2026:19158
- Related
- Published
- 2026-05-19T00:00:00Z
- Modified
- 2026-05-26T16:45:15.459769464Z
- Summary
- Important: dnsmasq security update
- Details
-
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
- dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion (CVE-2026-2291)
- dnsmasq: NSEC bitmap parsing infinite loop (CVE-2026-4890)
- dnsmasq: RRSIG rdlen underflow leading to heap OOB read (CVE-2026-4891)
- dnsmasq: DHCPv6 CLID buffer overflow in helper process (CVE-2026-4892)
- dnsmasq: Broken ECS source validation bypass (CVE-2026-4893)
- dnsmasq: extract_addresses() OOB read via malformed rdlen (CVE-2026-5172)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2026:19158
- https://access.redhat.com/security/cve/CVE-2026-2291
- https://access.redhat.com/security/cve/CVE-2026-4890
- https://access.redhat.com/security/cve/CVE-2026-4891
- https://access.redhat.com/security/cve/CVE-2026-4892
- https://access.redhat.com/security/cve/CVE-2026-4893
- https://access.redhat.com/security/cve/CVE-2026-5172
- https://bugzilla.redhat.com/2439088
- https://bugzilla.redhat.com/2458516
- https://bugzilla.redhat.com/2458517
- https://bugzilla.redhat.com/2458518
- https://bugzilla.redhat.com/2458519
- https://bugzilla.redhat.com/2458521
- https://errata.almalinux.org/10/ALSA-2026-19158.html
Affected packages
AlmaLinux:10 / dnsmasq
Package
- Name
- dnsmasq
- Purl
- pkg:rpm/almalinux/dnsmasq