c-ares-1.19.1-2.el9_4

エラータID: AXSA:2024-8283:02

Release date: 
Monday, June 17, 2024 - 14:57
Subject: 
c-ares-1.19.1-2.el9_4
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Low
Description: 

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.

Security Fix(es):

* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-25629
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

Solution: 

Update packages.

CVEs: 
CVE-2024-25629
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
Additional Info: 

N/A

Download: 

SRPMS
  1. c-ares-1.19.1-2.el9_4.src.rpm
    MD5: ec4508d6345784b6365529ba02f58aa0
    SHA-256: 304c9a3596c31c7b2626bb7565e473a5a4e71bf3195db72c514d75e9b1bf416e
    Size: 1.52 MB

Asianux Server 9 for x86_64
  1. c-ares-1.19.1-2.el9_4.i686.rpm
    MD5: d09870056063cd4fe7807377e8863680
    SHA-256: 626a446f697b12792b761cef5042e14fc6b64c0ce9c1367154814a2a51513b0d
    Size: 113.91 kB
  2. c-ares-1.19.1-2.el9_4.x86_64.rpm
    MD5: aaff4e151c8c237b490ab49f7f4ace7c
    SHA-256: ec0246c440a219b7c3feadb1ba6e219f5f889ff4678a6e2d2e919f5714ca1d1c
    Size: 109.52 kB
  3. c-ares-devel-1.19.1-2.el9_4.i686.rpm
    MD5: 0e80ead1727e4bf5732be49525dde888
    SHA-256: 917e81d19b0797b1e7063705351354fe4fd3656722e1c464956ce33cdb050b06
    Size: 114.91 kB
  4. c-ares-devel-1.19.1-2.el9_4.x86_64.rpm
    MD5: 307e48fe3009f7e2a6ce943e9a7b2b8a
    SHA-256: be1369e85629722166384e8727eb31aad9d85f990e412a5cb1df04e408ea12f1
    Size: 114.91 kB