[CLSA-2025:1744721593] c-ares: Fix of 4 CVEs
Type:
security
Severity:
Moderate
Release date:
2025-04-15 12:53:19 UTC
Description:
- CVE-2024-25629: fix invalid memory read issue in ares__read_line()
- CVE-2023-31130: fix buffer underflow in ares_inet_net_pton() for certain IPv6 addresses
- CVE-2023-31147: fix use of weak random numbers in DNS query IDs by replacing rand() with a modern OS-provided CSPRNG like arc4random()
- CVE-2023-31124: prevent fallback to rand() for entropy generation, which could allow an attacker to take advantage of the lack of entropy that results from not using a CSPRNG
Updated packages:
  • c-ares-1.17.1-5.el9_2.1.tuxcare.els3.i686.rpm
    sha:6a008449fe15a638c2b401a4bb11ffd311182ea66db3959cd310f3bf45f62390
  • c-ares-1.17.1-5.el9_2.1.tuxcare.els3.x86_64.rpm
    sha:a0a4e72907e036345c9eb91a83cebdf12cacf235e8d629e44ededa4d7605eeb4
  • c-ares-devel-1.17.1-5.el9_2.1.tuxcare.els3.i686.rpm
    sha:8c4fe44aedbe2455cb06c4a9496d2e43d58b53681bf91389c7950b926d8e68f5
  • c-ares-devel-1.17.1-5.el9_2.1.tuxcare.els3.x86_64.rpm
    sha:1959beb2942926e45821bc6813a3aa3c4a623a57da11a554000b34aafa0812d6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.