Amazon Linux 2 Security Advisory: ALAS2DNSMASQ-2026-004
Advisory Released Date: 2026-05-26
Advisory Updated Date: 2026-05-26
A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet. (CVE-2026-4890)
A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet. (CVE-2026-4891)
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet. (CVE-2026-4892)
An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information. (CVE-2026-4893)
A buffer overflow in dnsmasq's extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash with a malformed DNS response that causes extract_name() to advance the pointer past the end of the record. (CVE-2026-5172)
Affected Packages:
dnsmasq
Note:
This advisory is applicable to Amazon Linux 2 - Dnsmasq Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update dnsmasq or yum update --advisory ALAS2DNSMASQ-2026-004 to update your system.
aarch64:
dnsmasq-2.90-1.amzn2.0.3.aarch64
dnsmasq-utils-2.90-1.amzn2.0.3.aarch64
dnsmasq-debuginfo-2.90-1.amzn2.0.3.aarch64
src:
dnsmasq-2.90-1.amzn2.0.3.src
x86_64:
dnsmasq-2.90-1.amzn2.0.3.x86_64
dnsmasq-utils-2.90-1.amzn2.0.3.x86_64
dnsmasq-debuginfo-2.90-1.amzn2.0.3.x86_64
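To confirm that a host actually carries the fixed build after the update, the following check compares installed dnsmasq packages against the version-release listed above. It is an added example, not part of the Amazon Linux advisory; the function names `vr_at_least` and `check_packages` are hypothetical, and GNU `sort -V` is used as an approximation of RPM version ordering.

```shell
#!/usr/bin/env bash
# Added example: verify installed dnsmasq packages against the fixed build
# listed in ALAS2DNSMASQ-2026-004.

FIXED_VR="2.90-1.amzn2.0.3"   # version-release from the advisory's package list

# vr_at_least INSTALLED FIXED -> exit status 0 if INSTALLED >= FIXED.
# Assumption: GNU sort -V stands in for RPM's own comparison; this holds for
# builds without an epoch or tilde/caret markers, as in the list above.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_packages reads "name version-release" lines on stdin and prints one
# verdict per package. Returns 1 if any package is below the fixed build.
check_packages() {
    rc=0
    while read -r name vr; do
        [ -z "$name" ] && continue
        if vr_at_least "$vr" "$FIXED_VR"; then
            echo "OK      $name $vr"
        else
            echo "UPDATE  $name $vr (older than $FIXED_VR)"
            rc=1
        fi
    done
    return $rc
}

# On a host with rpm, query every installed dnsmasq* package and evaluate it.
if command -v rpm >/dev/null 2>&1; then
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'dnsmasq*' | check_packages \
        || echo "Run: yum update --advisory ALAS2DNSMASQ-2026-004"
fi
```

Because dnsmasq is a long-running daemon, restart the service after updating so the running process uses the patched binary.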