[USN-5034-2] c-ares vulnerability

Severity Medium
Affected Packages 2
CVEs 1

c-ares could be made to return wrong domains.

USN-5034-1 fixed a vulnerability in c-ares. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly
validated certain hostnames returned by DNS servers. A remote attacker
could possibly use this issue to perform Domain Hijacking attacks.

Package                                        Affected Version
pkg:deb/ubuntu/libc-ares2?distro=xenial        < 1.10.0-3ubuntu0.2+esm1
pkg:deb/ubuntu/libc-ares-dev?distro=xenial     < 1.10.0-3ubuntu0.2+esm1

Type      Package URL                                  Namespace  Name / Product  Version                    Distribution / Platform  Arch  Patch / Fix
Affected  pkg:deb/ubuntu/libc-ares2?distro=xenial      ubuntu     libc-ares2      < 1.10.0-3ubuntu0.2+esm1   xenial
Affected  pkg:deb/ubuntu/libc-ares-dev?distro=xenial   ubuntu     libc-ares-dev   < 1.10.0-3ubuntu0.2+esm1   xenial