UbuntuUpdates.org

Package "libc-ares2"

Name: libc-ares2

Description:

asynchronous name resolver

Latest version: 1.18.1-1ubuntu0.22.04.3
Release: jammy (22.04)
Level: updates
Repository: main
Head package: c-ares
Homepage: https://c-ares.org/

Links


Download "libc-ares2"


Other versions of "libc-ares2" in Jammy

Repository Area Version
base main 1.18.1-1build1
security main 1.18.1-1ubuntu0.22.04.3

Changelog

Version: 1.18.1-1ubuntu0.22.04.3 2024-03-06 14:06:59 UTC

  c-ares (1.18.1-1ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read in ares__read_line()
    - debian/patches/CVE-2024-25629.patch: filtering to
      eliminate out of bounds read
    - CVE-2024-25629

 -- Nick Galanis <email address hidden> Wed, 28 Feb 2024 13:37:18 +0000

Source diff to previous version
CVE-2024-25629 c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc

Version: 1.18.1-1ubuntu0.22.04.2 2023-06-14 16:07:05 UTC

  c-ares (1.18.1-1ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: buffer underflow on certain ipv6 addresses
    - debian/patches/CVE-2023-31130.diff: add newer inet_net_pton_ipv6()
      and fix test cases in src/lib/inet_net_pton.c,
      test/ares-test-internal.cc.
    - CVE-2023-31130
  * SECURITY UPDATE: denial of service via 0-byte UDP payload
    - debian/patches/CVE-2023-32067.diff: check length in
      src/lib/ares_process.c.
    - CVE-2023-32067

 -- Marc Deslauriers <email address hidden> Mon, 12 Jun 2023 14:43:33 -0400

Source diff to previous version
CVE-2023-32067 c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malf

Version: 1.18.1-1ubuntu0.22.04.1 2023-03-02 16:07:06 UTC

  c-ares (1.18.1-1ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in config_sortlist()
    - debian/patches/CVE-2022-4904.patch: add length checks to
      src/lib/ares_init.c, test/ares-test-init.cc.
    - CVE-2022-4904

 -- Marc Deslauriers <email address hidden> Wed, 01 Mar 2023 12:18:31 -0500




About   -   Send Feedback to @ubuntu_updates