ELSA-2026-19373

ELSA-2026-19373 - dnsmasq security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-06-23

Description

[2.85-18.1]
- Prevent overflow in extract_name function (CVE-2026-2291)
- Prevent DoS in DNSSEC validation (CVE-2026-4890)
- Prevent out-of-bounds read in DNSSEC validation (CVE-2026-4891)
- Prevent out-of-bounds write in DHCPv6 server (CVE-2026-4892)
- Prevent source check avoidance by RFC 7871 client-subnet (CVE-2026-4893)

Related CVEs

CVE-2026-2291

CVE-2026-4890

CVE-2026-4891

CVE-2026-4892

CVE-2026-4893

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	dnsmasq-2.85-18.el9_8.1.src.rpm	4340546162af9b54fbae81897ce2dfd9224e0e5ef65371567837fc85f1b518cc	-	ol9_aarch64_appstream
	dnsmasq-2.85-18.el9_8.1.aarch64.rpm	540045c857c5208e9d625f79d86b08c53e8a05ac49b2535a0e7be582f267baa8	-	ol9_aarch64_appstream
	dnsmasq-utils-2.85-18.el9_8.1.aarch64.rpm	d365e3f30404fcd3876c16de9587ad7126eb02b090a863f86d93a906ffdc4eb2	-	ol9_aarch64_appstream
Oracle Linux 9 (x86_64)	dnsmasq-2.85-18.el9_8.1.src.rpm	4340546162af9b54fbae81897ce2dfd9224e0e5ef65371567837fc85f1b518cc	-	ol9_x86_64_appstream
	dnsmasq-2.85-18.el9_8.1.x86_64.rpm	8cfca9e46b286ea1959cd3f082c50d23413b895fbc9f6555a5675dc8c28ac8c9	-	ol9_x86_64_appstream
	dnsmasq-utils-2.85-18.el9_8.1.x86_64.rpm	583acc078f7a8d6510371ff6f3da094efa03cee53ca64099424cbd4b84f6b986	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team