[ALSA-2023:6635] Moderate: c-ares security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2023-11-14
Description:
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. The following packages have been upgraded to a later upstream version: c-ares (1.19.1). (BZ#2210370) Security Fix(es): * c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904) * c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130) * c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147) * c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 c-ares-devel-1.19.1-1.el9.aarch64.rpm 338180cd33f0634fa96b991086314c40b2d2e9920cfa43cf80043e6aa0b89f06
aarch64 c-ares-1.19.1-1.el9.aarch64.rpm 85483e8dda5854a65fde3a0106b47ff6c39ebe88ee004a25a485e44dee7200bb
i686 c-ares-1.19.1-1.el9.i686.rpm 785f7387bddb895ee64e093f8beb579f6cc99440ac9f8e1eaa7ab2a273ce9d51
i686 c-ares-devel-1.19.1-1.el9.i686.rpm a03a76627ea2a190e55767f81b40327d44ea7c6a86d17db9741d0edb85cc9f2c
ppc64le c-ares-1.19.1-1.el9.ppc64le.rpm 4eadc7f06a887f0eee2c90e2c0b29462685c5ccf000966280725a58937d1cbf2
ppc64le c-ares-devel-1.19.1-1.el9.ppc64le.rpm d30a8b4f0b092dc3c1bdb7056f805db7099c72a023f10652b38003f9cc9896ac
s390x c-ares-devel-1.19.1-1.el9.s390x.rpm 24c4eda7837d40e039588634850eb4568d72cbb27c6c8aa851bcb4770d8cbe46
s390x c-ares-1.19.1-1.el9.s390x.rpm e52a1ea35bcdc99f41f6e51562cc674dd1fa4808c5c64f917b3ee14530e51dde
x86_64 c-ares-devel-1.19.1-1.el9.x86_64.rpm 50e32614632b5106d8e4b5e3876f172ab1b00db5583c37967121c7457fb078a4
x86_64 c-ares-1.19.1-1.el9.x86_64.rpm 7de0a522fbed2a3cb769b0fe88341111cffee80ee8a2faae43b86fae7ad6a0d9
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.