UbuntuUpdates.org

Package "libcares2"

Name: libcares2

Description: asynchronous name resolver

Latest version: 1.34.4-2.1ubuntu0.1
Release: plucky (25.04)
Level: security
Repository: main
Head package: c-ares
Homepage: https://c-ares.org/

Other versions of "libcares2" in Plucky

Repository  Area  Version
base        main  1.34.4-2.1
updates     main  1.34.4-2.1ubuntu0.1

Changelog

Version: 1.34.4-2.1ubuntu0.1 2025-05-05 14:07:39 UTC

  c-ares (1.34.4-2.1ubuntu0.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Use after free() in read_answers()
    - debian/patches/CVE-2025-31498-1.patch: queue queries to be resent in
      src/lib/ares_close_sockets.c, src/lib/ares_cookie.c,
      src/lib/ares_private.h, src/lib/ares_process.c,
      test/ares-test-mock-ai.cc, test/ares-test-mock.cc, test/ares-test.cc,
      test/ares-test.h.
    - debian/patches/CVE-2025-31498-2.patch: windows build fix in
      test/ares-test.cc.
    - debian/patches/CVE-2025-31498-3.patch: windows build fix in
      test/ares-test.cc.
    - debian/patches/CVE-2025-31498-4.patch: build fix in
      test/ares-test.cc, test/ares-test.h.
    - CVE-2025-31498

 -- Marc Deslauriers <email address hidden> Wed, 09 Apr 2025 10:55:44 -0400

CVE-2025-31498: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqu


