Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

c-ares: Multiple Vulnerabilities — GLSA 202310-09

Multiple vulnerabilities have been discovered in c-ares the worst of which could result in Denial of Service.

Affected packages

Package net-dns/c-ares on all architectures
Affected versions < 1.19.1
Unaffected versions >= 1.19.1

Background

c-ares is a C library for asynchronous DNS requests (including name resolves).

Description

Multiple vulnerabilities have been discovered in c-ares. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All c-ares users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dns/c-ares-1.19.1"

References

Release date
October 08, 2023

Latest revision
October 08, 2023: 1

Severity
normal

Exploitable
remote

Bugzilla entries