[ALAS-2021-1545] Amazon Linux AMI 2014.03 - ALAS-2021-1545: medium priority package update for c-ares
Severity
Medium
Affected Packages
6
CVEs
1
Package updates are available for Amazon Linux AMI that fix the following vulnerabilities:
CVE-2021-3672:
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
1988342: CVE-2021-3672 c-ares: Missing input validation of host names may lead to domain hijacking
| Package | Affected Version |
|---|---|
 pkg:rpm/amazonlinux/c-ares?arch=x86_64&distro=amazonlinux-1
|
< 1.17.2-1.8.amzn1 |
|
pkg:rpm/amazonlinux/c-ares?arch=i686&distro=amazonlinux-1
|
< 1.17.2-1.8.amzn1 |
|
pkg:rpm/amazonlinux/c-ares-devel?arch=x86_64&distro=amazonlinux-1
|
< 1.17.2-1.8.amzn1 |
|
pkg:rpm/amazonlinux/c-ares-devel?arch=i686&distro=amazonlinux-1
|
< 1.17.2-1.8.amzn1 |
|
pkg:rpm/amazonlinux/c-ares-debuginfo?arch=x86_64&distro=amazonlinux-1
|
< 1.17.2-1.8.amzn1 |
|
pkg:rpm/amazonlinux/c-ares-debuginfo?arch=i686&distro=amazonlinux-1
|
< 1.17.2-1.8.amzn1 |
- ID
- ALAS-2021-1545
- Severity
- medium
- URL
- https://alas.aws.amazon.com/ALAS-2021-1545.html
- Published
-
2021-10-29T16:37:00
(2 years ago) - Modified
-
2021-11-04T18:54:00
(2 years ago) - Rights
- Amazon Linux Security Team
- Other Advisories
-
-
ALAS2-2024-2399
-
ALPINE:CVE-2021-3672
-
ALSA-2021:3623
-
ALSA-2021:3666
-
ALSA-2022:2043
-
ASA-202108-13
-
DSA-4954-1
-
ELSA-2021-3623
-
ELSA-2021-3666
-
ELSA-2022-2043
-
FEDORA-2021-001ec24fc5
-
FEDORA-2021-0a60cbb948
-
FEDORA-2021-52c89b44a9
-
FEDORA-2021-a48cf28c13
-
FEDORA-2021-c83b66abdb
-
FREEBSD:43E9FFD4-D6E0-11ED-956F-7054D21A9E2A
-
GLSA-202401-02
-
GLSA-202405-29
-
MS:CVE-2021-3672
-
openSUSE-SU-2021:1168-1
-
openSUSE-SU-2021:1214-1
-
openSUSE-SU-2021:1239-1
-
openSUSE-SU-2021:1313-1
-
openSUSE-SU-2021:2760-1
-
openSUSE-SU-2021:2875-1
-
openSUSE-SU-2021:2953-1
-
openSUSE-SU-2021:3211-1
-
RHSA-2021:3623
-
RHSA-2021:3666
-
RHSA-2022:2043
-
RLSA-2021:3623
-
RLSA-2021:3666
-
RLSA-2022:2043
-
SUSE-SU-2021:2690-1
-
SUSE-SU-2021:2760-1
-
SUSE-SU-2021:2823-1
-
SUSE-SU-2021:2824-1
-
SUSE-SU-2021:2875-1
-
SUSE-SU-2021:2953-1
-
SUSE-SU-2021:3184-1
-
SUSE-SU-2021:3211-1
-
USN-5034-1
-
USN-5034-2
-
| Source | # ID | Name | URL |
|---|---|---|---|
| CVE | CVE-2021-3672 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/amazonlinux/c-ares?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
c-ares
|
< 1.17.2-1.8.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/c-ares?arch=i686&distro=amazonlinux-1 | amazonlinux |
c-ares
|
< 1.17.2-1.8.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/c-ares-devel?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
c-ares-devel
|
< 1.17.2-1.8.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/c-ares-devel?arch=i686&distro=amazonlinux-1 | amazonlinux |
c-ares-devel
|
< 1.17.2-1.8.amzn1 | amazonlinux-1 | i686 | |
| Affected | pkg:rpm/amazonlinux/c-ares-debuginfo?arch=x86_64&distro=amazonlinux-1 | amazonlinux |
c-ares-debuginfo
|
< 1.17.2-1.8.amzn1 | amazonlinux-1 | x86_64 | |
| Affected | pkg:rpm/amazonlinux/c-ares-debuginfo?arch=i686&distro=amazonlinux-1 | amazonlinux |
c-ares-debuginfo
|
< 1.17.2-1.8.amzn1 | amazonlinux-1 | i686 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |