UbuntuUpdates.org

Package "c-ares"

Name: c-ares

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • asynchronous name resolver - development files
  • asynchronous name resolver

Latest version: 1.14.0-1ubuntu0.2
Release: bionic (18.04)
Level: security
Repository: main

Links



Other versions of "c-ares" in Bionic

Repository Area Version
base main 1.14.0-1
updates main 1.14.0-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.14.0-1ubuntu0.2 2023-03-02 14:06:55 UTC

  c-ares (1.14.0-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in config_sortlist()
    - debian/patches/CVE-2022-4904.patch: add length checks to ares_init.c,
      test/ares-test-init.cc.
    - CVE-2022-4904

 -- Marc Deslauriers <email address hidden> Wed, 01 Mar 2023 12:22:47 -0500

Source diff to previous version

Version: 1.14.0-1ubuntu0.1 2021-08-10 13:06:28 UTC

  c-ares (1.14.0-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Missing input validation on hostnames returned by DNS
    servers
    - debian/patches/CVE-2021-3672-1.patch: escape more characters in
      ares_expand_name.c.
    - debian/patches/CVE-2021-3672-2.patch: fix formatting and handling of
      root name response in ares_expand_name.c.
    - CVE-2021-3672

 -- Marc Deslauriers <email address hidden> Mon, 02 Aug 2021 07:31:14 -0400

CVE-2021-3672 Missing input validation on hostnames returned by DNS servers



About   -   Send Feedback to @ubuntu_updates