UbuntuUpdates.org

Package "c-ares"

Name: c-ares

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • asynchronous name resolver - development files
  • asynchronous name resolver

Latest version: 1.34.4-2.1ubuntu0.1
Release: plucky (25.04)
Level: security
Repository: main

Links



Other versions of "c-ares" in Plucky

Repository Area Version
base main 1.34.4-2.1
base universe 1.34.4-2.1
security universe 1.34.4-2.1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.34.4-2.1ubuntu0.1 2025-05-05 14:07:39 UTC

  c-ares (1.34.4-2.1ubuntu0.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Use after free() in read_answers()
    - debian/patches/CVE-2025-31498-1.patch: queue queries to be resent in
      src/lib/ares_close_sockets.c, src/lib/ares_cookie.c,
      src/lib/ares_private.h, src/lib/ares_process.c,
      test/ares-test-mock-ai.cc, test/ares-test-mock.cc, test/ares-test.cc,
      test/ares-test.h.
    - debian/patches/CVE-2025-31498-2.patch: windows build fix in
      test/ares-test.cc.
    - debian/patches/CVE-2025-31498-3.patch: windows build fix in
      test/ares-test.cc.
    - debian/patches/CVE-2025-31498-4.patch: build fix in
      test/ares-test.cc, test/ares-test.h.
    - CVE-2025-31498

 -- Marc Deslauriers <email address hidden> Wed, 09 Apr 2025 10:55:44 -0400

CVE-2025-31498 c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqu



About   -   Send Feedback to @ubuntu_updates