UbuntuUpdates.org

Package "c-ares"

Name: c-ares

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • asynchronous name resolver - development files
  • asynchronous name resolver

Latest version: 1.15.0-1ubuntu0.5
Release: focal (20.04)
Level: updates
Repository: main

Other versions of "c-ares" in Focal

Repository Area Version
base main 1.15.0-1build1
security main 1.15.0-1ubuntu0.5

Changelog

Version: 1.15.0-1ubuntu0.5 2024-03-06 14:06:54 UTC

  c-ares (1.15.0-1ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read in ares__read_line()
    - debian/patches/CVE-2024-25629.patch: filtering to
      eliminate out of bounds read
    - CVE-2024-25629

 -- Nick Galanis <email address hidden> Wed, 28 Feb 2024 13:36:54 +0000

CVE-2024-25629 c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc

Version: 1.15.0-1ubuntu0.4 2023-09-18 16:08:06 UTC

  c-ares (1.15.0-1ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via out-of-bounds read
    - debian/patches/CVE-2020-22217.patch: check length in
      ares_parse_soa_reply.c.
    - CVE-2020-22217

 -- Marc Deslauriers <email address hidden> Thu, 14 Sep 2023 11:00:59 -0400

CVE-2020-22217 Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.

Version: 1.15.0-1ubuntu0.3 2023-06-14 16:07:02 UTC

  c-ares (1.15.0-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: buffer underflow on certain ipv6 addresses
    - debian/patches/CVE-2023-31130.diff: add newer inet_net_pton_ipv6()
      and fix test cases in inet_net_pton.c, test/ares-test-internal.cc.
    - CVE-2023-31130
  * SECURITY UPDATE: denial of service via 0-byte UDP payload
    - debian/patches/CVE-2023-32067.diff: check length in ares_process.c.
    - CVE-2023-32067

 -- Marc Deslauriers <email address hidden> Mon, 12 Jun 2023 14:45:23 -0400

CVE-2023-32067 c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malf

Version: 1.15.0-1ubuntu0.2 2023-03-02 20:06:53 UTC

  c-ares (1.15.0-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in config_sortlist()
    - debian/patches/CVE-2022-4904.patch: add length checks to ares_init.c,
      test/ares-test-init.cc.
    - CVE-2022-4904

 -- Marc Deslauriers <email address hidden> Wed, 01 Mar 2023 12:22:05 -0500


Version: 1.15.0-1ubuntu0.1 2021-08-10 14:06:30 UTC

  c-ares (1.15.0-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Missing input validation on hostnames returned by DNS
    servers
    - debian/patches/CVE-2021-3672-1.patch: escape more characters in
      ares_expand_name.c.
    - debian/patches/CVE-2021-3672-2.patch: fix formatting and handling of
      root name response in ares_expand_name.c.
    - CVE-2021-3672

 -- Marc Deslauriers <email address hidden> Mon, 02 Aug 2021 07:30:23 -0400

CVE-2021-3672 Missing input validation on hostnames returned by DNS servers


