UbuntuUpdates.org

Package "libc-ares2"

Name: libc-ares2

Description:

asynchronous name resolver

Latest version: 1.15.0-1ubuntu0.5
Release: focal (20.04)
Level: security
Repository: main
Head package: c-ares
Homepage: https://c-ares.haxx.se/

Other versions of "libc-ares2" in Focal

Repository  Area  Version
base        main  1.15.0-1build1
updates     main  1.15.0-1ubuntu0.5

Changelog

Version: 1.15.0-1ubuntu0.5 2024-03-06 12:06:56 UTC

  c-ares (1.15.0-1ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read in ares__read_line()
    - debian/patches/CVE-2024-25629.patch: filtering to
      eliminate out of bounds read
    - CVE-2024-25629

 -- Nick Galanis <email address hidden> Wed, 28 Feb 2024 13:36:54 +0000

CVE-2024-25629 c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc

Version: 1.15.0-1ubuntu0.4 2023-09-18 15:08:15 UTC

  c-ares (1.15.0-1ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via out-of-bounds read
    - debian/patches/CVE-2020-22217.patch: check length in
      ares_parse_soa_reply.c.
    - CVE-2020-22217

 -- Marc Deslauriers <email address hidden> Thu, 14 Sep 2023 11:00:59 -0400

CVE-2020-22217 Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.

Version: 1.15.0-1ubuntu0.3 2023-06-14 15:07:09 UTC

  c-ares (1.15.0-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: buffer underflow on certain ipv6 addresses
    - debian/patches/CVE-2023-31130.diff: add newer inet_net_pton_ipv6()
      and fix test cases in inet_net_pton.c, test/ares-test-internal.cc.
    - CVE-2023-31130
  * SECURITY UPDATE: denial of service via 0-byte UDP payload
    - debian/patches/CVE-2023-32067.diff: check length in ares_process.c.
    - CVE-2023-32067

 -- Marc Deslauriers <email address hidden> Mon, 12 Jun 2023 14:45:23 -0400

CVE-2023-32067 c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malf

Version: 1.15.0-1ubuntu0.2 2023-03-02 14:07:01 UTC

  c-ares (1.15.0-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in config_sortlist()
    - debian/patches/CVE-2022-4904.patch: add length checks to ares_init.c,
      test/ares-test-init.cc.
    - CVE-2022-4904

 -- Marc Deslauriers <email address hidden> Wed, 01 Mar 2023 12:22:05 -0500


Version: 1.15.0-1ubuntu0.1 2021-08-10 13:06:30 UTC

  c-ares (1.15.0-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Missing input validation on hostnames returned by DNS
    servers
    - debian/patches/CVE-2021-3672-1.patch: escape more characters in
      ares_expand_name.c.
    - debian/patches/CVE-2021-3672-2.patch: fix formatting and handling of
      root name response in ares_expand_name.c.
    - CVE-2021-3672

 -- Marc Deslauriers <email address hidden> Mon, 02 Aug 2021 07:30:23 -0400

CVE-2021-3672 Missing input validation on hostnames returned by DNS servers


