Advisories » MGASA-2021-0007

Updated c-ares packages fix security vulnerabilities

Publication date: 08 Jan 2021
Modification date: 08 Jan 2021
Type: security
Affected Mageia releases : 7

Description

Avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
fuzzing.

Avoid theoretical buffer overflow in RC4 loop comparison.

Empty hquery->name could lead to invalid memory access.

ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27654
• https://c-ares.haxx.se/changelog.html#1_17_1

SRPMS

7/core

• c-ares-1.17.1-1.mga7