UbuntuUpdates.org

Package "c-ares"

Name: c-ares

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • asynchronous name resolver - development files
  • asynchronous name resolver
Latest version: 1.34.5-1ubuntu0.1
Release: questing (25.10)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "c-ares" in Questing

Repository Area Version
base main 1.34.5-1
base universe 1.34.5-1
security universe 1.34.5-1ubuntu0.1
updates main 1.34.5-1ubuntu0.1
updates universe 1.34.5-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.34.5-1ubuntu0.1 2025-12-11 18:08:15 UTC

  c-ares (1.34.5-1ubuntu0.1) questing-security; urgency=medium

  * SECURITY UPDATE: DoS via UaF in connection clean-up
    - debian/patches/CVE-2025-62408.patch: enqueue callbacks to be
      processed within process_answer in src/lib/ares_private.h,
      src/lib/ares_process.c, src/lib/ares_qcache.c,
      test/ares-test-mock-ai.cc.
    - CVE-2025-62408

 -- Marc Deslauriers <email address hidden> Tue, 09 Dec 2025 12:36:35 -0500
CVE-2025-62408 c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and pro


About   -   Send Feedback to @ubuntu_updates