ArchLinux: 202011-18: c-ares: denial of service
Summary
An attacker who can cause an application to issue a DNS request for a host of their choice could trigger a denial of service by getting the application to resolve a DNS record with a large number of responses.
Resolution
Upgrade to 1.17.1-1.
# pacman -Syu "c-ares>=1.17.1-1"
The problem has been fixed upstream in version 1.17.1.
References
https://github.com/c-ares/c-ares/issues/371
https://github.com/c-ares/c-ares/commit/0d252eb3b2147179296a3bdb4ef97883c97c54d3
https://security.archlinux.org/CVE-2020-8277
Workaround
None.