c-ares-1.10.0-3.el7.1

エラータID: AXSA:2023-6131:02

Release date: 
Friday, June 23, 2023 - 12:05
Subject: 
c-ares-1.10.0-3.el7.1
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The c-ares C library defines asynchronous DNS (Domain Name System) requests and
provides name resolving API.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of
service. If a target resolver sends a query, the attacker forges a malformed UDP
packet with a length of 0 and returns them to the target resolver. The target
resolver erroneously interprets the 0 length as a graceful shutdown of the
connection. This issue has been patched in version 1.19.1.

Solution: 

Update packages.

CVEs: 
CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
Additional Info: 

N/A

Download: 

SRPMS
  1. c-ares-1.10.0-3.el7.1.src.rpm
    MD5: b935154a3f10b0735dcadfdcf959eb6c
    SHA-256: 5112403f2af8e4af26ba7ce4cec33f0d0468901dc69b36f6784f6699b109eb1a
    Size: 800.65 kB

Asianux Server 7 for x86_64
  1. c-ares-1.10.0-3.el7.1.i686.rpm
    MD5: e0efe8d0109ff3ef44a4475a5729bc5d
    SHA-256: d5db7d3b43d2b0c8f7bcbcc9bfd4531a868858f3d6b4ae5b5b7a5c9916c94a5b
    Size: 77.31 kB
  2. c-ares-1.10.0-3.el7.1.x86_64.rpm
    MD5: 045a5a5d10a30f613fae105d63573254
    SHA-256: cca3f42702cbdcf29212f02404452fb2a4ba5aa2db07081c6fc847130cb2ec0b
    Size: 77.18 kB
  3. c-ares-devel-1.10.0-3.el7.1.i686.rpm
    MD5: d9b14768ecd004d84fe03d91247d156d
    SHA-256: a8ca82aa097585840a12ffc0f04ac347cae803a1ed6043383f01d6160a5acb5a
    Size: 71.41 kB
  4. c-ares-devel-1.10.0-3.el7.1.x86_64.rpm
    MD5: 11eb5aed64ab06bb2883863f40ec69d0
    SHA-256: f28038dfe66c433c323e7b3456b97f0b4287d4f46e0c6c9225ca026d14cc0b77
    Size: 71.37 kB