ELSA-2026-20589

ELSA-2026-20589 - dnsmasq security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-05-26

Description

[2.79-36]
- Prevent overflow in extract_name function (CVE-2026-2291)
- Prevent DoS in DNSSEC validation (CVE-2026-4890)
- Prevent out-of-bounds read in DNSSEC validation (CVE-2026-4891)
- Prevent out-of-bounds write in DHCPv6 server (CVE-2026-4892)
- Prevent source check avoidance by RFC 7871 client-subnet (CVE-2026-4893)

Related CVEs

CVE-2026-2291

CVE-2026-4890

CVE-2026-4891

CVE-2026-4892

CVE-2026-4893

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	dnsmasq-2.79-36.el8_10.src.rpm	c0d9bbd1f01ede45846d1dba066505354d2cfa012d9f3c1028f4f27d72f4d167	-	ol8_aarch64_appstream
	dnsmasq-2.79-36.el8_10.aarch64.rpm	cddf318d76b91beff0671c380ea39a672fb9a28d340a2f4403685876b6f040e0	-	ol8_aarch64_appstream
	dnsmasq-utils-2.79-36.el8_10.aarch64.rpm	4eb28065e862313f103df6a0f3833effd70c3fbdd99926e4295b173d9e88fa2e	-	ol8_aarch64_appstream
Oracle Linux 8 (x86_64)	dnsmasq-2.79-36.el8_10.src.rpm	c0d9bbd1f01ede45846d1dba066505354d2cfa012d9f3c1028f4f27d72f4d167	-	ol8_x86_64_appstream
	dnsmasq-2.79-36.el8_10.x86_64.rpm	40b3c3f2d9cde02938346542061e14777267461107f45b8360ea14e49747c502	-	ol8_x86_64_appstream
	dnsmasq-utils-2.79-36.el8_10.x86_64.rpm	8c19a3555a60a20589dc4901f7b58b33cd47e8d4cfa6b3a1f6aacac72ad981c2	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team