c-ares-1.13.0-6.el8.2

エラータID: AXSA:2023-6142:03

Release date: 
Tuesday, June 27, 2023 - 07:47
Subject: 
c-ares-1.13.0-6.el8.2
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.

Solution: 

Update packages.

CVEs: 
CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
Additional Info: 

N/A

Download: 

SRPMS
  1. c-ares-1.13.0-6.el8.2.src.rpm
    MD5: 202f1badcdf02b34baddf8845ba816bf
    SHA-256: 8be02e156aadb4cc45f3f4dd07d2c1ae068ba74852803bc76845edc81fe5decc
    Size: 1.40 MB

Asianux Server 8 for x86_64
  1. c-ares-1.13.0-6.el8.2.i686.rpm
    MD5: 5e501602a893fa91f2e8fbcff065e9a1
    SHA-256: c0cc9a185aec4be35c579c8710ee287162ce0adee7b523ff28c06811eddbb09a
    Size: 95.79 kB
  2. c-ares-1.13.0-6.el8.2.x86_64.rpm
    MD5: 669fd10bff553936fc2fcd8ea64839ac
    SHA-256: 8a88f61a291992f52fe04ce3a86e1c15d84b3096c57bca98cb012818f3f10da0
    Size: 92.25 kB
  3. c-ares-devel-1.13.0-6.el8.2.i686.rpm
    MD5: e58e5abdc817727884aaa8d03a894a69
    SHA-256: 9800551c214bebe6dc674f2ee630e357b304c953da8cf62f6a059c5d71809058
    Size: 87.11 kB
  4. c-ares-devel-1.13.0-6.el8.2.x86_64.rpm
    MD5: c276cc434535e97c580272b8e3acdd83
    SHA-256: b45436dceef9c8a7d44cdb45d76d9b1fb5bd07d05a07f8c3bcf908f6336caabb
    Size: 87.08 kB