Package "c-ares"
Name: c-ares
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- asynchronous name resolver - development files
- asynchronous name resolver
Latest version: 1.33.0-1ubuntu0.1
Release: oracular (24.10)
Level: security
Repository: main
Changelog
c-ares (1.33.0-1ubuntu0.1) oracular-security; urgency=medium
* SECURITY UPDATE: Use after free() in read_answers()
- debian/patches/CVE-2025-31498-pre1.patch: ares_getaddrinfo() for
AF_UNSPEC should retry if ipv6 received in
src/lib/ares_getaddrinfo.c, test/ares-test-mock-ai.cc.
- debian/patches/CVE-2025-31498-1.patch: queue queries to be resent in
src/lib/ares_close_sockets.c, src/lib/ares_cookie.c,
src/lib/ares_private.h, src/lib/ares_process.c,
src/lib/dsa/ares__array.c, src/lib/dsa/ares__array.h,
test/ares-test-mock-ai.cc, test/ares-test-mock.cc, test/ares-test.cc,
test/ares-test.h.
- debian/patches/CVE-2025-31498-2.patch: windows build fix in
test/ares-test.cc.
- debian/patches/CVE-2025-31498-3.patch: remove unused vars in
src/lib/ares_process.c.
- debian/patches/CVE-2025-31498-4.patch: windows build fix in
test/ares-test.cc.
- debian/patches/CVE-2025-31498-5.patch: variable set but never read in
src/lib/ares_process.c.
- debian/patches/CVE-2025-31498-6.patch: build fix in
test/ares-test.cc, test/ares-test.h.
- debian/libcares2.symbols: added new symbol.
- CVE-2025-31498
-- Marc Deslauriers <email address hidden> Wed, 09 Apr 2025 11:05:05 -0400
CVE-2025-31498
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqu