Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:34508 - Security Advisory
Issued:
2026-07-01
Updated:
2026-07-01

RHSA-2026:34508 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: dnsmasq security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for dnsmasq is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

  • dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion (CVE-2026-2291)
  • dnsmasq: NSEC bitmap parsing infinite loop (CVE-2026-4890)
  • dnsmasq: RRSIG rdlen underflow leading to heap OOB read (CVE-2026-4891)
  • dnsmasq: DHCPv6 CLID buffer overflow in helper process (CVE-2026-4892)
  • dnsmasq: Broken ECS source validation bypass (CVE-2026-4893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x

Fixes

  • BZ - 2439088 - CVE-2026-2291 dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion
  • BZ - 2458516 - CVE-2026-4890 dnsmasq: NSEC bitmap parsing infinite loop
  • BZ - 2458517 - CVE-2026-4891 dnsmasq: RRSIG rdlen underflow leading to heap OOB read
  • BZ - 2458518 - CVE-2026-4892 dnsmasq: DHCPv6 CLID buffer overflow in helper process
  • BZ - 2458519 - CVE-2026-4893 dnsmasq: Broken ECS source validation bypass

CVEs

  • CVE-2026-2291
  • CVE-2026-4890
  • CVE-2026-4891
  • CVE-2026-4892
  • CVE-2026-4893

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
x86_64
dnsmasq-2.85-17.el9_6.1.x86_64.rpm SHA-256: fc0574348898b7eae4a14129ef05370d23b0823bc434b77ac9a8e44b40b2796a
dnsmasq-debuginfo-2.85-17.el9_6.1.x86_64.rpm SHA-256: 403eddd03fbd578191b2e843e17c7bb980f9b42f12eb8e93ea8dc1cba2d97bca
dnsmasq-debugsource-2.85-17.el9_6.1.x86_64.rpm SHA-256: cd6a197d0a5bdd5faac125061262485e132bfc2897c2c99b3141d9508c12f204
dnsmasq-utils-2.85-17.el9_6.1.x86_64.rpm SHA-256: 2d8d33cfb600f6c4018d4e59618218e007fb23a205adfcb5ef3a23ba58a13068
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.x86_64.rpm SHA-256: 663edf6ec59eaa645d115ebba7e5e8229bb65f03f5f140a1163e43dc9cf47996

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
x86_64
dnsmasq-2.85-17.el9_6.1.x86_64.rpm SHA-256: fc0574348898b7eae4a14129ef05370d23b0823bc434b77ac9a8e44b40b2796a
dnsmasq-debuginfo-2.85-17.el9_6.1.x86_64.rpm SHA-256: 403eddd03fbd578191b2e843e17c7bb980f9b42f12eb8e93ea8dc1cba2d97bca
dnsmasq-debugsource-2.85-17.el9_6.1.x86_64.rpm SHA-256: cd6a197d0a5bdd5faac125061262485e132bfc2897c2c99b3141d9508c12f204
dnsmasq-utils-2.85-17.el9_6.1.x86_64.rpm SHA-256: 2d8d33cfb600f6c4018d4e59618218e007fb23a205adfcb5ef3a23ba58a13068
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.x86_64.rpm SHA-256: 663edf6ec59eaa645d115ebba7e5e8229bb65f03f5f140a1163e43dc9cf47996

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
s390x
dnsmasq-2.85-17.el9_6.1.s390x.rpm SHA-256: b1fe87b5f20673e42c1078224cd7b47021de15b4320a86d3cd5f0be75bc643f0
dnsmasq-debuginfo-2.85-17.el9_6.1.s390x.rpm SHA-256: 44fe92a038d96872f0896288b08b3dba77823a17e5968b39ed777a7d6b99f87a
dnsmasq-debugsource-2.85-17.el9_6.1.s390x.rpm SHA-256: bfff712343053fef4886c523a9c93f8c9b0b32d7d58d89f5e1ae030f756b6993
dnsmasq-utils-2.85-17.el9_6.1.s390x.rpm SHA-256: 10cf034c8c1189de2c60f96632f5cec81f22ef324c38e81a33c678b14eaf2fe9
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.s390x.rpm SHA-256: 99bef025a3f375b5f496d50b0da642337bf7841774adcb850d65554d427ac965

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
ppc64le
dnsmasq-2.85-17.el9_6.1.ppc64le.rpm SHA-256: eb13feec855ac75c2a4c5a906e2c4e0d56ceccd760bbab14b544cb137313391c
dnsmasq-debuginfo-2.85-17.el9_6.1.ppc64le.rpm SHA-256: d5d55de31b101cd3e1a81bec57c6f17e13bf4fc84540c2d62c87727e99a57a18
dnsmasq-debugsource-2.85-17.el9_6.1.ppc64le.rpm SHA-256: c72d1138aa0b585f3b710b1b6feebba00a660d19b1b54f3e2d4fa0e3f4e4d8ed
dnsmasq-utils-2.85-17.el9_6.1.ppc64le.rpm SHA-256: e3583d27c8eee9390480c2f2fcd8febbf58c0dd20daaeef6e4361e2cf940616c
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.ppc64le.rpm SHA-256: 6e1a631095073f7337e7ded918b44f2295fe9ae38ae1a90eafd587ff673d48ca

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
aarch64
dnsmasq-2.85-17.el9_6.1.aarch64.rpm SHA-256: 228f9db590e5ad51fd29a2ad3c9c1e38349842c3c76509df81a1c4421060bd46
dnsmasq-debuginfo-2.85-17.el9_6.1.aarch64.rpm SHA-256: e797a1e573f8b3fdf923e8e4e993b6d2b2ad87727234e9d2b14ec825e0365a89
dnsmasq-debugsource-2.85-17.el9_6.1.aarch64.rpm SHA-256: 3e863618639961addc8a50f7886b3937daf7657cf5e5f2cca49631139dcd175a
dnsmasq-utils-2.85-17.el9_6.1.aarch64.rpm SHA-256: 6692c3dc4bad159ebd8615b6d23f0da52278bb1521285d9b1b5c22d930363e96
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.aarch64.rpm SHA-256: c44779e3188231afe3e67435fe7cc8a073ca7b3e103a8732e0316309d3511160

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
ppc64le
dnsmasq-2.85-17.el9_6.1.ppc64le.rpm SHA-256: eb13feec855ac75c2a4c5a906e2c4e0d56ceccd760bbab14b544cb137313391c
dnsmasq-debuginfo-2.85-17.el9_6.1.ppc64le.rpm SHA-256: d5d55de31b101cd3e1a81bec57c6f17e13bf4fc84540c2d62c87727e99a57a18
dnsmasq-debugsource-2.85-17.el9_6.1.ppc64le.rpm SHA-256: c72d1138aa0b585f3b710b1b6feebba00a660d19b1b54f3e2d4fa0e3f4e4d8ed
dnsmasq-utils-2.85-17.el9_6.1.ppc64le.rpm SHA-256: e3583d27c8eee9390480c2f2fcd8febbf58c0dd20daaeef6e4361e2cf940616c
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.ppc64le.rpm SHA-256: 6e1a631095073f7337e7ded918b44f2295fe9ae38ae1a90eafd587ff673d48ca

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
x86_64
dnsmasq-2.85-17.el9_6.1.x86_64.rpm SHA-256: fc0574348898b7eae4a14129ef05370d23b0823bc434b77ac9a8e44b40b2796a
dnsmasq-debuginfo-2.85-17.el9_6.1.x86_64.rpm SHA-256: 403eddd03fbd578191b2e843e17c7bb980f9b42f12eb8e93ea8dc1cba2d97bca
dnsmasq-debugsource-2.85-17.el9_6.1.x86_64.rpm SHA-256: cd6a197d0a5bdd5faac125061262485e132bfc2897c2c99b3141d9508c12f204
dnsmasq-utils-2.85-17.el9_6.1.x86_64.rpm SHA-256: 2d8d33cfb600f6c4018d4e59618218e007fb23a205adfcb5ef3a23ba58a13068
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.x86_64.rpm SHA-256: 663edf6ec59eaa645d115ebba7e5e8229bb65f03f5f140a1163e43dc9cf47996

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
aarch64
dnsmasq-2.85-17.el9_6.1.aarch64.rpm SHA-256: 228f9db590e5ad51fd29a2ad3c9c1e38349842c3c76509df81a1c4421060bd46
dnsmasq-debuginfo-2.85-17.el9_6.1.aarch64.rpm SHA-256: e797a1e573f8b3fdf923e8e4e993b6d2b2ad87727234e9d2b14ec825e0365a89
dnsmasq-debugsource-2.85-17.el9_6.1.aarch64.rpm SHA-256: 3e863618639961addc8a50f7886b3937daf7657cf5e5f2cca49631139dcd175a
dnsmasq-utils-2.85-17.el9_6.1.aarch64.rpm SHA-256: 6692c3dc4bad159ebd8615b6d23f0da52278bb1521285d9b1b5c22d930363e96
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.aarch64.rpm SHA-256: c44779e3188231afe3e67435fe7cc8a073ca7b3e103a8732e0316309d3511160

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
s390x
dnsmasq-2.85-17.el9_6.1.s390x.rpm SHA-256: b1fe87b5f20673e42c1078224cd7b47021de15b4320a86d3cd5f0be75bc643f0
dnsmasq-debuginfo-2.85-17.el9_6.1.s390x.rpm SHA-256: 44fe92a038d96872f0896288b08b3dba77823a17e5968b39ed777a7d6b99f87a
dnsmasq-debugsource-2.85-17.el9_6.1.s390x.rpm SHA-256: bfff712343053fef4886c523a9c93f8c9b0b32d7d58d89f5e1ae030f756b6993
dnsmasq-utils-2.85-17.el9_6.1.s390x.rpm SHA-256: 10cf034c8c1189de2c60f96632f5cec81f22ef324c38e81a33c678b14eaf2fe9
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.s390x.rpm SHA-256: 99bef025a3f375b5f496d50b0da642337bf7841774adcb850d65554d427ac965

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
x86_64
dnsmasq-2.85-17.el9_6.1.x86_64.rpm SHA-256: fc0574348898b7eae4a14129ef05370d23b0823bc434b77ac9a8e44b40b2796a
dnsmasq-debuginfo-2.85-17.el9_6.1.x86_64.rpm SHA-256: 403eddd03fbd578191b2e843e17c7bb980f9b42f12eb8e93ea8dc1cba2d97bca
dnsmasq-debugsource-2.85-17.el9_6.1.x86_64.rpm SHA-256: cd6a197d0a5bdd5faac125061262485e132bfc2897c2c99b3141d9508c12f204
dnsmasq-utils-2.85-17.el9_6.1.x86_64.rpm SHA-256: 2d8d33cfb600f6c4018d4e59618218e007fb23a205adfcb5ef3a23ba58a13068
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.x86_64.rpm SHA-256: 663edf6ec59eaa645d115ebba7e5e8229bb65f03f5f140a1163e43dc9cf47996

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
aarch64
dnsmasq-2.85-17.el9_6.1.aarch64.rpm SHA-256: 228f9db590e5ad51fd29a2ad3c9c1e38349842c3c76509df81a1c4421060bd46
dnsmasq-debuginfo-2.85-17.el9_6.1.aarch64.rpm SHA-256: e797a1e573f8b3fdf923e8e4e993b6d2b2ad87727234e9d2b14ec825e0365a89
dnsmasq-debugsource-2.85-17.el9_6.1.aarch64.rpm SHA-256: 3e863618639961addc8a50f7886b3937daf7657cf5e5f2cca49631139dcd175a
dnsmasq-utils-2.85-17.el9_6.1.aarch64.rpm SHA-256: 6692c3dc4bad159ebd8615b6d23f0da52278bb1521285d9b1b5c22d930363e96
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.aarch64.rpm SHA-256: c44779e3188231afe3e67435fe7cc8a073ca7b3e103a8732e0316309d3511160

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
ppc64le
dnsmasq-2.85-17.el9_6.1.ppc64le.rpm SHA-256: eb13feec855ac75c2a4c5a906e2c4e0d56ceccd760bbab14b544cb137313391c
dnsmasq-debuginfo-2.85-17.el9_6.1.ppc64le.rpm SHA-256: d5d55de31b101cd3e1a81bec57c6f17e13bf4fc84540c2d62c87727e99a57a18
dnsmasq-debugsource-2.85-17.el9_6.1.ppc64le.rpm SHA-256: c72d1138aa0b585f3b710b1b6feebba00a660d19b1b54f3e2d4fa0e3f4e4d8ed
dnsmasq-utils-2.85-17.el9_6.1.ppc64le.rpm SHA-256: e3583d27c8eee9390480c2f2fcd8febbf58c0dd20daaeef6e4361e2cf940616c
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.ppc64le.rpm SHA-256: 6e1a631095073f7337e7ded918b44f2295fe9ae38ae1a90eafd587ff673d48ca

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6

SRPM
dnsmasq-2.85-17.el9_6.1.src.rpm SHA-256: 3ad24239a776558aa5e3ed332c21891d235e062ebdc5a0ca34ca59adbdd8a606
s390x
dnsmasq-2.85-17.el9_6.1.s390x.rpm SHA-256: b1fe87b5f20673e42c1078224cd7b47021de15b4320a86d3cd5f0be75bc643f0
dnsmasq-debuginfo-2.85-17.el9_6.1.s390x.rpm SHA-256: 44fe92a038d96872f0896288b08b3dba77823a17e5968b39ed777a7d6b99f87a
dnsmasq-debugsource-2.85-17.el9_6.1.s390x.rpm SHA-256: bfff712343053fef4886c523a9c93f8c9b0b32d7d58d89f5e1ae030f756b6993
dnsmasq-utils-2.85-17.el9_6.1.s390x.rpm SHA-256: 10cf034c8c1189de2c60f96632f5cec81f22ef324c38e81a33c678b14eaf2fe9
dnsmasq-utils-debuginfo-2.85-17.el9_6.1.s390x.rpm SHA-256: 99bef025a3f375b5f496d50b0da642337bf7841774adcb850d65554d427ac965

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility