c-ares-1.13.0-11.el8_10

エラータID: AXSA:2024-8518:03

Release date: 
Thursday, July 4, 2024 - 18:57
Subject: 
c-ares-1.13.0-11.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

The c-ares C library defines asynchronous DNS (Domain Name System) requests and
provides name resolving API.

Security Fix(es):

* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-25629
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.

Solution: 

Update packages.

CVEs: 
CVE-2024-25629
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
Additional Info: 

N/A

Download: 

SRPMS
  1. c-ares-1.13.0-11.el8_10.src.rpm
    MD5: d2e22941b4edec34dc5bb20e9781a50e
    SHA-256: 41c8eb75b488734afe0de3feb54ef85f94dbb0486245a3f8f20f5e53c6fb015f
    Size: 1.40 MB

Asianux Server 8 for x86_64
  1. c-ares-1.13.0-11.el8_10.i686.rpm
    MD5: a1075ae3498d7ddba73270dfb94e5b14
    SHA-256: 44b982f93643c9f6f00e20b4496f669e1a3bf19972b1a4029bc112d422f5c7df
    Size: 96.41 kB
  2. c-ares-1.13.0-11.el8_10.x86_64.rpm
    MD5: 11ecac4bb176d2137831f365b012e450
    SHA-256: 14a357c6fc070be9a185b6dd72ef43cdc44882495fed3017eee598a0d4a366c1
    Size: 92.82 kB
  3. c-ares-devel-1.13.0-11.el8_10.i686.rpm
    MD5: 508de3384266b0d34f010baf5e8e0e85
    SHA-256: 06829bf91850664fa3e03570f53cec25dadc91a720a4309c54adcc8a6d453700
    Size: 87.68 kB
  4. c-ares-devel-1.13.0-11.el8_10.x86_64.rpm
    MD5: f4f1f29cdad9996de87719f9a7a9187f
    SHA-256: a6dd1032f6366897c7935a48f01927b62cbb4d2344029d11e081698332144192
    Size: 87.64 kB