UbuntuUpdates.org

Package "libcares2"

Name: libcares2

Description:

asynchronous name resolver
Latest version: 1.34.5-1ubuntu0.1
Release: questing (25.10)
Level: security
Repository: main
Head package: c-ares
Homepage: https://c-ares.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libcares2"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libcares2" in Questing

Repository Area Version
base main 1.34.5-1
updates main 1.34.5-1ubuntu0.1

Changelog

Version: 1.34.5-1ubuntu0.1 2025-12-11 18:08:15 UTC

  c-ares (1.34.5-1ubuntu0.1) questing-security; urgency=medium

  * SECURITY UPDATE: DoS via UaF in connection clean-up
    - debian/patches/CVE-2025-62408.patch: enqueue callbacks to be
      processed within process_answer in src/lib/ares_private.h,
      src/lib/ares_process.c, src/lib/ares_qcache.c,
      test/ares-test-mock-ai.cc.
    - CVE-2025-62408

 -- Marc Deslauriers <email address hidden> Tue, 09 Dec 2025 12:36:35 -0500
CVE-2025-62408 c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and pro


About   -   Send Feedback to @ubuntu_updates