c-ares-1.17.1-5.el9.1

エラータID: AXSA:2023-6019:01

Release date: 
Tuesday, June 13, 2023 - 12:38
Subject: 
c-ares-1.17.1-5.el9.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. c-ares-1.17.1-5.el9.1.src.rpm
    MD5: dc2239e67da4c202b30a63753aa13fc7
    SHA-256: 476b9b53d5298df9baaf36a28e9fba1cbe3291446ebf1a8b44f1ac4a2d931954
    Size: 1.46 MB

Asianux Server 9 for x86_64
  1. c-ares-1.17.1-5.el9.1.i686.rpm
    MD5: b08359b21a97e37d2502164e07e5dfcc
    SHA-256: 6861ba9e0e5eb56e05763042cee21fd5adf1c9428ee6555524943db96e87010c
    Size: 107.24 kB
  2. c-ares-1.17.1-5.el9.1.x86_64.rpm
    MD5: 5c938ed50e7c89894480edcf77d09e47
    SHA-256: 0c60d20859b13bb26dd50fa3d9b36af6436ce2c7679478500e1f3a3216033d37
    Size: 102.27 kB
  3. c-ares-devel-1.17.1-5.el9.1.i686.rpm
    MD5: b35a9ae838ecba5870eee834abac22a0
    SHA-256: 53d20bb60cf1ae30ba28a533a1e4e4ae2f510976a00b70c2955ebdc5586fd09c
    Size: 93.12 kB
  4. c-ares-devel-1.17.1-5.el9.1.x86_64.rpm
    MD5: be0af0d9967250584e84942590fa7b8b
    SHA-256: d52e84c4f82fb04f67b73eff3a24c844e464d69ddb323729f80f86c663d05f37
    Size: 93.11 kB