c-ares-1.13.0-8.el8
エラータID: AXSA:2023-7091:05
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.
Security Fix(es):
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 8.9 Release Notes linked from the References section.
CVE-2022-4904
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Update packages.
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
N/A
SRPMS
- c-ares-1.13.0-8.el8.src.rpm
MD5: 01f49018894499bcd8d8e84375eea416
SHA-256: 8ba079b5df2e267e8a6898c2a6417398cf4727d52ba40c205176f00affeeb381
Size: 1.40 MB
Asianux Server 8 for x86_64
- c-ares-1.13.0-8.el8.i686.rpm
MD5: 5e39a2eda1c161af8a55dc15ec97b7dd
SHA-256: aa5453999a084807b92a1e740667dbe2e572dee8069b39b7a2882d92729e9f39
Size: 95.94 kB - c-ares-1.13.0-8.el8.x86_64.rpm
MD5: f9a0504bb8b83d554608fb7e67ff5c54
SHA-256: cedc7fc6c441d2f7452463db0b83c9b97b8557b24f9cdaf390be276b2879d3dd
Size: 92.41 kB - c-ares-devel-1.13.0-8.el8.i686.rpm
MD5: 9b2a407bb227088324d3fa9a4d17bac6
SHA-256: 1dde1982fdd12ade574392fc943f059e6b09e988b23af8231d7443e83e0c4948
Size: 87.26 kB - c-ares-devel-1.13.0-8.el8.x86_64.rpm
MD5: 059cdf355304b937a28f347eb430fa32
SHA-256: c34b0c9bd687663224b20b3191c1f5ce2117be6dffc10f590491e5703b13e4ba
Size: 87.23 kB
日本語