c-ares-1.13.0-6.el8.2
エラータID: AXSA:2023-6142:03
リリース日:
2023/06/27 Tuesday - 07:47
題名:
c-ares-1.13.0-6.el8.2
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- c-ares には、誤ってソケットをシャットダウンしてしまう問題がある
ため、リモートの攻撃者により、データ長が 0 バイトとなるように細工
された応答パケットを介して、サービス拒否攻撃を可能とする脆弱性が
存在します。(CVE-2023-32067)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-32067
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.
追加情報:
N/A
ダウンロード:
SRPMS
- c-ares-1.13.0-6.el8.2.src.rpm
MD5: 202f1badcdf02b34baddf8845ba816bf
SHA-256: 8be02e156aadb4cc45f3f4dd07d2c1ae068ba74852803bc76845edc81fe5decc
Size: 1.40 MB
Asianux Server 8 for x86_64
- c-ares-1.13.0-6.el8.2.i686.rpm
MD5: 5e501602a893fa91f2e8fbcff065e9a1
SHA-256: c0cc9a185aec4be35c579c8710ee287162ce0adee7b523ff28c06811eddbb09a
Size: 95.79 kB - c-ares-1.13.0-6.el8.2.x86_64.rpm
MD5: 669fd10bff553936fc2fcd8ea64839ac
SHA-256: 8a88f61a291992f52fe04ce3a86e1c15d84b3096c57bca98cb012818f3f10da0
Size: 92.25 kB - c-ares-devel-1.13.0-6.el8.2.i686.rpm
MD5: e58e5abdc817727884aaa8d03a894a69
SHA-256: 9800551c214bebe6dc674f2ee630e357b304c953da8cf62f6a059c5d71809058
Size: 87.11 kB - c-ares-devel-1.13.0-6.el8.2.x86_64.rpm
MD5: c276cc434535e97c580272b8e3acdd83
SHA-256: b45436dceef9c8a7d44cdb45d76d9b1fb5bd07d05a07f8c3bcf908f6336caabb
Size: 87.08 kB
English