c-ares: Buffer Underwrite in ares_inet_net_pton()

A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...

Moderate: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Heap buffer over read in aresparsesoareply CVE-2020-22217 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 For more details about the security issues,...

ALSA-2023:7207 Moderate: c-ares security update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. Security Fixes: c-ares: Heap buffer over read in aresparsesoareply CVE-2020-22217 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 For more details about the security issues,...

Moderate: c-ares security, bug fix, and enhancement update

The c-ares C library defines asynchronous DNS Domain Name System requests and provides name resolving API. The following packages have been upgraded to a later upstream version: c-ares 1.19.1. BZ2210370 Security Fixes: c-ares: buffer overflow in configsortlist due to missing string length check...

USN-6355-1 grub2-signed, grub2-unsigned, shim, and shim-signed vulnerability

Daniel Axtens discovered that specially crafted images could cause a heap-based out-of-bonds write. A local attacker could possibly use this to circumvent secure boot protections. CVE-2021-3695 Daniel Axtens discovered that specially crafted images could cause out-of-bonds read and write. A local...

USN-6355-1: GRUB2 vulnerabilities

Daniel Axtens discovered that specially crafted images could cause a heap-based out-of-bonds write. A local attacker could possibly use this to circumvent secure boot protections. CVE-2021-3695 Daniel Axtens discovered that specially crafted images could cause out-of-bonds read and write. A local...

RLSA-2023:4035 Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: buffer overflow in configsortlist due to missing string length check...

nodejs:16 security update

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RHEL 8 : nodejs:16 (RHSA-2023:4034)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4034 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 8 : nodejs:16 (RHSA-2023:4033)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4033 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 9 : nodejs (RHSA-2023:4036)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4036 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 7 : rh-nodejs14-nodejs (RHSA-2023:4039)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4039 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

c-ares: Buffer Underwrite in ares_inet_net_pton()

A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...

Important: Red Hat Security Advisory: nodejs:16 security update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

c-ares: Buffer Underwrite in ares_inet_net_pton()

A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...

c-ares: Buffer Underwrite in ares_inet_net_pton()

A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...

c-ares: Buffer Underwrite in ares_inet_net_pton()

A vulnerability was found in c-ares. This issue occurs in the aresinetnetpton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...

Important: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 c-ares: Insufficient...

RLSA-2023:3577 Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 c-ares: Insufficient...