1. Home
  2. Security Advisories
  3. Red Hat
  4. RHSA-2023:6635

[RHSA-2023:6635] c-ares security, bug fix, and enhancement update

Severity Moderate
Affected Packages 10
CVEs 4
Info Packages References Vulnerabilities

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.

The following packages have been upgraded to a later upstream version: c-ares (1.19.1). (BZ#2210370)

Security Fix(es):

  • c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)

  • c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)

  • c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)

  • c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.

Package Affected Version
pkg:rpm/redhat/c-ares?arch=x86_64&distro=redhat-9 < 1.19.1-1.el9
pkg:rpm/redhat/c-ares?arch=s390x&distro=redhat-9 < 1.19.1-1.el9
pkg:rpm/redhat/c-ares?arch=ppc64le&distro=redhat-9 < 1.19.1-1.el9
pkg:rpm/redhat/c-ares?arch=i686&distro=redhat-9 < 1.19.1-1.el9
pkg:rpm/redhat/c-ares?arch=aarch64&distro=redhat-9 < 1.19.1-1.el9
pkg:rpm/redhat/c-ares-devel?arch=x86_64&distro=redhat-9 < 1.19.1-1.el9
pkg:rpm/redhat/c-ares-devel?arch=s390x&distro=redhat-9 < 1.19.1-1.el9
pkg:rpm/redhat/c-ares-devel?arch=ppc64le&distro=redhat-9 < 1.19.1-1.el9
pkg:rpm/redhat/c-ares-devel?arch=i686&distro=redhat-9 < 1.19.1-1.el9
pkg:rpm/redhat/c-ares-devel?arch=aarch64&distro=redhat-9 < 1.19.1-1.el9
ID
RHSA-2023:6635
Severity
moderate
URL
https://access.redhat.com/errata/RHSA-2023:6635
Published
2023-11-07T00:00:00
(10 months ago)
Modified
2023-11-07T00:00:00
(10 months ago)
Rights
Copyright 2023 Red Hat, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/redhat/c-ares?arch=x86_64&distro=redhat-9 redhat c-ares < 1.19.1-1.el9 redhat-9 x86_64
Affected pkg:rpm/redhat/c-ares?arch=s390x&distro=redhat-9 redhat c-ares < 1.19.1-1.el9 redhat-9 s390x
Affected pkg:rpm/redhat/c-ares?arch=ppc64le&distro=redhat-9 redhat c-ares < 1.19.1-1.el9 redhat-9 ppc64le
Affected pkg:rpm/redhat/c-ares?arch=i686&distro=redhat-9 redhat c-ares < 1.19.1-1.el9 redhat-9 i686
Affected pkg:rpm/redhat/c-ares?arch=aarch64&distro=redhat-9 redhat c-ares < 1.19.1-1.el9 redhat-9 aarch64
Affected pkg:rpm/redhat/c-ares-devel?arch=x86_64&distro=redhat-9 redhat c-ares-devel < 1.19.1-1.el9 redhat-9 x86_64
Affected pkg:rpm/redhat/c-ares-devel?arch=s390x&distro=redhat-9 redhat c-ares-devel < 1.19.1-1.el9 redhat-9 s390x
Affected pkg:rpm/redhat/c-ares-devel?arch=ppc64le&distro=redhat-9 redhat c-ares-devel < 1.19.1-1.el9 redhat-9 ppc64le
Affected pkg:rpm/redhat/c-ares-devel?arch=i686&distro=redhat-9 redhat c-ares-devel < 1.19.1-1.el9 redhat-9 i686
Affected pkg:rpm/redhat/c-ares-devel?arch=aarch64&distro=redhat-9 redhat c-ares-devel < 1.19.1-1.el9 redhat-9 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date