c-ares-1.10.0-3.el7.1
エラータID: AXSA:2023-6131:02
リリース日:
2023/06/23 Friday - 12:05
題名:
c-ares-1.10.0-3.el7.1
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- c-ares には、誤ってソケットをシャットダウンしてしまう問題が
あるため、リモートの攻撃者により、データ長が 0 バイトとなるように
細工された応答パケットを介して、サービス拒否攻撃を可能とする脆弱性
が存在します。(CVE-2023-32067)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
追加情報:
N/A
ダウンロード:
SRPMS
- c-ares-1.10.0-3.el7.1.src.rpm
MD5: b935154a3f10b0735dcadfdcf959eb6c
SHA-256: 5112403f2af8e4af26ba7ce4cec33f0d0468901dc69b36f6784f6699b109eb1a
Size: 800.65 kB
Asianux Server 7 for x86_64
- c-ares-1.10.0-3.el7.1.i686.rpm
MD5: e0efe8d0109ff3ef44a4475a5729bc5d
SHA-256: d5db7d3b43d2b0c8f7bcbcc9bfd4531a868858f3d6b4ae5b5b7a5c9916c94a5b
Size: 77.31 kB - c-ares-1.10.0-3.el7.1.x86_64.rpm
MD5: 045a5a5d10a30f613fae105d63573254
SHA-256: cca3f42702cbdcf29212f02404452fb2a4ba5aa2db07081c6fc847130cb2ec0b
Size: 77.18 kB - c-ares-devel-1.10.0-3.el7.1.i686.rpm
MD5: d9b14768ecd004d84fe03d91247d156d
SHA-256: a8ca82aa097585840a12ffc0f04ac347cae803a1ed6043383f01d6160a5acb5a
Size: 71.41 kB - c-ares-devel-1.10.0-3.el7.1.x86_64.rpm
MD5: 11eb5aed64ab06bb2883863f40ec69d0
SHA-256: f28038dfe66c433c323e7b3456b97f0b4287d4f46e0c6c9225ca026d14cc0b77
Size: 71.37 kB