[ALSA-2023:7207] Moderate: c-ares security update
Type:
security
Severity:
moderate
Release date:
2023-11-23
Description:
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): * c-ares: Heap buffer over read in ares_parse_soa_reply (CVE-2020-22217) * c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 c-ares-1.13.0-9.el8_9.1.aarch64.rpm 77e7306eade9634045ccf3723e19f11ad2691b6e7bef96c0747438a3a2761e83
aarch64 c-ares-devel-1.13.0-9.el8_9.1.aarch64.rpm ebbe417d706512988f5320bbc63a2c0b0b4248c277397275e2f92fcdff4ea6d0
i686 c-ares-1.13.0-9.el8_9.1.i686.rpm 1b782909672539a2fdd885b5c1015af74650f530787cc8372f4684b8f0991486
i686 c-ares-devel-1.13.0-9.el8_9.1.i686.rpm e29b04b7b86d56585b537b325e82e053647f239787865e0fa26ce5a958a9c3b7
ppc64le c-ares-devel-1.13.0-9.el8_9.1.ppc64le.rpm 07f4ed76d30a26a146cfda91da2d10adbeccc19d94f3112addb1ada7cdba5554
ppc64le c-ares-1.13.0-9.el8_9.1.ppc64le.rpm d5461a309f4a3dd1797757b6e11b50a3eeee49fa35bdb63ca664e59b7c21f310
s390x c-ares-1.13.0-9.el8_9.1.s390x.rpm 464793de47559703e8eb501bc6d7f957d0ac9714aec4ba2b12af7ad6418905f6
s390x c-ares-devel-1.13.0-9.el8_9.1.s390x.rpm f2ecb4e05920f0267eb07d06f48afefb8801953c794961a7391e0036501d1387
x86_64 c-ares-devel-1.13.0-9.el8_9.1.x86_64.rpm 1c30500a85b2d699d1f97c8ad158c0fe9ca86c5509d28c5a58c9dacac53a3485
x86_64 c-ares-1.13.0-9.el8_9.1.x86_64.rpm e48dd431f983c240c73a59777e9d90e8e13f333b61b4467efc8f2995d380a397
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.