Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

c-ares: Multiple Vulnerabilities — GLSA 202401-02

Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity.

Affected packages

Package net-dns/c-ares on all architectures
Affected versions < 1.19.0
Unaffected versions >= 1.19.0

Background

c-ares is a C library for asynchronous DNS requests (including name resolves).

Description

Multiple vulnerabilities have been discovered in c-ares. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All c-ares users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-dns/c-ares-1.19.0"

References

Release date
January 05, 2024

Latest revision
January 05, 2024: 1

Severity
normal

Exploitable
remote

Bugzilla entries