Security update for dnsmasq

Announcement ID:	SUSE-SU-2026:1934-1
Release Date:	2026-05-18T07:40:18Z
Rating:	important
References:	bsc#1247812 bsc#1257934 bsc#1258251 bsc#1262487 bsc#1265001 bsc#1265002 bsc#1265003 bsc#1265004 bsc#1265006 jsc#PED-266
Cross-References:	CVE-2026-2291 CVE-2026-4890 CVE-2026-4891 CVE-2026-4892 CVE-2026-4893 CVE-2026-5172 CVE-2026-6507
CVSS scores:	CVE-2026-2291 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-2291 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2026-4890 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-4890 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-4891 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-4891 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-4892 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-4892 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-4893 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-4893 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2026-5172 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-5172 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2026-6507 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-6507 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-6507 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Basesystem Module 15-SP7 openSUSE Leap 15.4 SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4 SUSE Linux Enterprise Real Time 15 SP7 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP4 LTSS SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server 15 SP5 LTSS SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server 15 SP6 LTSS SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves seven vulnerabilities, contains one feature and has two security fixes can now be installed.

Description:

This update for dnsmasq fixes the following issues

Security issues:

• CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001).
• CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002).
• CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003).
• CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks (bsc#1265004).
• CVE-2026-5172: buffer overflow in dnsmasq's extract_addresses() function (bsc#1265006).
• CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).

Non security issues:

• Updated to security release 2.92rel2.
• aardvark-dns upstream tests make dnsmasq dump core (bsc#1247812).
• Drop rcFOO symlinks for CODE16 (jsc#PED-266).
• libnettle: update to 4.0 breaks dnsmasq and gnutls (bsc#1257934).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1934=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1934=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1934=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1934=1
• openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-1934=1
• SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1934=1
• SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1934=1
• SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1934=1
• SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1934=1
• SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2026-1934=1
• Basesystem Module 15-SP7
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-1934=1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1934=1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1934=1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1934=1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1934=1
• SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1934=1
• SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1934=1

Package List:

• SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-utils-debuginfo-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
  • dnsmasq-utils-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1
• SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  • dnsmasq-2.92rel2-150400.16.12.1
  • dnsmasq-debuginfo-2.92rel2-150400.16.12.1

References:

• https://www.suse.com/security/cve/CVE-2026-2291.html
• https://www.suse.com/security/cve/CVE-2026-4890.html
• https://www.suse.com/security/cve/CVE-2026-4891.html
• https://www.suse.com/security/cve/CVE-2026-4892.html
• https://www.suse.com/security/cve/CVE-2026-4893.html
• https://www.suse.com/security/cve/CVE-2026-5172.html
• https://www.suse.com/security/cve/CVE-2026-6507.html
• https://bugzilla.suse.com/show_bug.cgi?id=1247812
• https://bugzilla.suse.com/show_bug.cgi?id=1257934
• https://bugzilla.suse.com/show_bug.cgi?id=1258251
• https://bugzilla.suse.com/show_bug.cgi?id=1262487
• https://bugzilla.suse.com/show_bug.cgi?id=1265001
• https://bugzilla.suse.com/show_bug.cgi?id=1265002
• https://bugzilla.suse.com/show_bug.cgi?id=1265003
• https://bugzilla.suse.com/show_bug.cgi?id=1265004
• https://bugzilla.suse.com/show_bug.cgi?id=1265006
• https://jira.suse.com/browse/PED-266