Alan Coopersmith <[email protected]> writes: > https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html > announces: >> Today, 11th May 2026 CERT is releasing a set of six CVEs for serious >> security vulnerabilities in dnsmasq. These are all long-standing >> bugs which apply to pretty much all non-ancient versions. The CVE >> has been pre-disclosed to vendors, so hopefully they will be >> releasing patched versions of their dnsmasq packages in a timely >> manner. >> Details and patches are available on the website at >> https://thekelleys.org.uk/dnsmasq/CVE/ >> and I have made "2.92rel2" release of the current 2.92 dnsmasq >> stable release which is downloadable from the usual place and has >> had these patches applied. >> >> [...] >> >> Thank you to the reporters for discovering these vulnerabilities: >> * Hugo Martinez ([email protected]) - CVE-2026-5172, CVE-2026-2291 >> * Andrew Fasano (NIST) - CVE-2026-2291 >> * Royce M ([email protected]) - CVE-2026-4893, CVE-2026-4892, CVE-2026-4891, >> CVE-2026-4890, CVE-2026-2291
Writeup for these 5 is available at https://xchglabs.com/blog/dnsmasq-five-cves.html >> * Asim Viladi Oglu Manizada - CVE-2026-4892 >> * Mattia Ricciardi (mindless) - CVE-2026-2291
signature.asc
Description: PGP signature
