Updated c-ares packages fix security vulnerability

🗓️ 27 Feb 2023 20:27:16Reported by Gentoo FoundationType

Updated c-ares packages fix security vulnerability. The config_sortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow and thus may cause a denial of service.

Reporter	Title	Published	Views	Family All 248
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and arbitrary code execution due to [CVE-2022-4904], [CVE-2023-32067]	28 Jul 202314:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	15 Apr 202503:57	–	ibm
Tenable Nessus	Amazon Linux 2023 : c-ares, c-ares-devel (ALAS2023-2023-198)	8 Jun 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : nodejs, nodejs-devel, nodejs-full-i18n (ALAS2023-2023-243)	20 Jul 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : c-ares (ALAS-2024-2399)	9 Jan 202400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : c-ares (ALAS-2023-1780)	20 Jul 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0037: nodejs:14 (ALINUX3-SA-2023:0037)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : nodejs:18 (ALSA-2023:2654)	13 May 202300:00	–	nessus
Tenable Nessus	AlmaLinux 9 : nodejs and nodejs-nodemon (ALSA-2023:2655)	14 May 202300:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Mageia	8	any	c-ares	1.17.1-1.2	c-ares-1.17.1-1.2.noarch.rpm

Source	Link
bugs	www.bugs.mageia.org/show_bug.cgi
debian	www.debian.org/lts/security/2023/dla-3323

20 Feb 2023 21:25Current

8.7High risk

Vulners AI Score8.7

CVSS 3.18.6

EPSS0.01232

SSVC