Ubuntu Security Notice USN-6676-1

Ubuntu Security Notice 6676-1 - Vojtěch Vobr discovered that c-ares incorrectly handled user input from local configuration files. An attacker could possibly use this issue to cause a denial of service via application crash.

Packet Storm

==========================================================================
Ubuntu Security Notice USN-6676-1
March 06, 2024

c-ares vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

c-ares could be made to crash if it received specially crafted
input.

Software Description:

  • c-ares: library for asynchronous name resolution

Details:

Vojtěch Vobr discovered that c-ares incorrectly handled user input from
local configuration files. An attacker could possibly use this issue to
cause a denial of service via application crash.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
libc-ares2 1.19.1-3ubuntu0.1

Ubuntu 22.04 LTS:
libc-ares2 1.18.1-1ubuntu0.22.04.3

Ubuntu 20.04 LTS:
libc-ares2 1.15.0-1ubuntu0.5

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libc-ares2 1.14.0-1ubuntu0.2+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libc-ares2 1.10.0-3ubuntu0.2+esm3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6676-1
CVE-2024-25629

Package Information:
https://launchpad.net/ubuntu/+source/c-ares/1.19.1-3ubuntu0.1
https://launchpad.net/ubuntu/+source/c-ares/1.18.1-1ubuntu0.22.04.3
https://launchpad.net/ubuntu/+source/c-ares/1.15.0-1ubuntu0.5
