Univention Bugzilla – Bug 56236
c-ares: Multiple issues (5.0)
Last modified: 2023-07-12 13:57:22 CEST
New Debian c-ares 1.14.0-1+deb10u3 fixes:

This update addresses the following issues:

1.14.0-1+deb10u3 (Mon, 26 Jun 2023 06:41:46 +0200)
* Non-maintainer upload by the LTS Security Team.
* Fix CVE-2023-32067: Improve UDP packet handling in ares_process.c to prevent a denial of service due to a malformed UDP packet.
* Fix CVE-2023-31130: fix buffer underflow for certain IPv6 addresses in inet_net_pton_ipv6(). Use our own IP conversion functions, do not delegate to OS.
--- mirror/ftp/pool/main/c/c-ares/c-ares_1.14.0-1+deb10u2.dsc +++ apt/ucs_5.0-0-errata5.0-4/source/c-ares_1.14.0-1+deb10u3.dsc @@ -1,3 +1,14 @@ +1.14.0-1+deb10u3 [Mon, 26 Jun 2023 06:41:46 +0200] Anton Gladky <gladk@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Fix CVE-2023-32067: + Improve UDP packet handling in ares_process.c to prevent + a denial of service due to a malformed UDP packet. + * Fix CVE-2023-31130: + fix buffer underflow for certain IPv6 addresses in + inet_net_pton_ipv6(). Use our own IP conversion functions, + do not delegate to OS. + 1.14.0-1+deb10u2 [Sat, 18 Feb 2023 20:30:16 +0100] Markus Koschany <apo@debian.org>: * Non-maintainer upload by the LTS team. <http://piuparts.knut.univention.de/5.0-4/#4435872513843642685>
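Review bot: In the added 1.14.0-1+deb10u3 entry, the CVE-2023-31130 item combines the underflow fix in inet_net_pton_ipv6() with a wider change ("Use our own IP conversion functions, do not delegate to OS"), and neither CVE item names the patch file or upstream commit that carries it. Suggest listing the patch per CVE and stating whether address parsing results can now differ from the OS functions, so that the conversion change can be regression-tested separately from the two fixes.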
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x727>