CVE-2026-12725 Dnsmasq: dnsmasq: heap buffer overflow in log_query() when logging unsupported ds/dnskey replies

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

[SECURITY] [DLA 4226-1] dns-root-data DNSSEC trust anchors update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4226-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler June 23, 2025 https://wiki.debian.org/LTS -...

Debian dla-4226 : dns-root-data - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4226 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4226-1 [email protected] https://www.debian.org/lts/security/...

verifySignatureWithKey - RRSIG RR's Signer's Name is never checked if it matches owner name

Lines of code Vulnerability details Impact According to RFC 4035 and as mentioned in the comments in function "verifySignatureWithKey" , the Signer's name should also be checked if it matches the owner name. If the Signer's Name field of an RRSIG record does not match the owner name of a DNSKEY...