ELSA-2026-19158

ELSA-2026-19158 - dnsmasq security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-07-16

Description


[2.90-7]
- Prevent overflow in extract_name function (CVE-2026-2291)
- Prevent DoS in DNSSEC validation (CVE-2026-4890)
- Prevent out-of-bounds read in DNSSEC validation (CVE-2026-4891)
- Prevent out-of-bounds write in DHCPv6 server (CVE-2026-4892)
- Prevent source check avoidance by RFC 7871 client-subnet (CVE-2026-4893)
- Prevent out-of-bounds read in extract_addresses (CVE-2026-5172)

[2.90-6]
- Prevent heap buffer overflow in cache via NAME_ESCAPE expansion
(CVE-2026-2291)


Related CVEs


CVE-2026-2291
CVE-2026-4890
CVE-2026-4891
CVE-2026-4892
CVE-2026-4893
CVE-2026-5172

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 10 (aarch64) dnsmasq-2.90-7.el10_2.src.rpm841f09480044d9dad7902ddba7a9270c898ba55cb011f55ab47d7d3d24b7b396-ol10_aarch64_appstream
dnsmasq-2.90-7.el10_2.aarch64.rpm06d7ef3da279fa6d40b819d176ac26c307cc505561f74e9a596c2bc6c100225b-ol10_aarch64_appstream
dnsmasq-utils-2.90-7.el10_2.aarch64.rpmdf9a579bdde07712fc9b017f0fb275f0d72ef947096ec277da4467d8a54d993d-ol10_aarch64_appstream
Oracle Linux 10 (x86_64) dnsmasq-2.90-7.el10_2.src.rpm841f09480044d9dad7902ddba7a9270c898ba55cb011f55ab47d7d3d24b7b396-ol10_x86_64_appstream
dnsmasq-2.90-7.el10_2.x86_64.rpm6151dcf390f7c55b14d1b2dd629e27a2aad637fea61a4482104ab2e0a54f199c-ol10_x86_64_appstream
dnsmasq-utils-2.90-7.el10_2.x86_64.rpmbf95a432f652bcee568c81eb39905fc7edd60ac69b492fc4d11d15d03de73c56-ol10_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete