Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

Debian 10 Buster DLA-3323-1 Critical Update: c-ares DoS Vulnerability

debian lts
Calendar Grey February 18, 2023
Dist Debian Esm H88
Debian LTS Advisory DLA-3324-1 addresses vulnerabilities in OpenSSL caused by cryptographic implementation oversights. Upgrade is advised.
It was discovered that in c-ares, an asynchronous name resolver library, the config_sortlist function is missing checks about the validity of the input string, which allows a possi...

Summary

We recommend that you upgrade your c-ares packages.

For the detailed security status of c-ares please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/c-ares

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical
Lowest
Low
Medium
High
Critical

-------------------------------------------------------------------------Package: c-ares
Version: 1.14.0-1+deb10u2
CVE ID: CVE-2022-4904
Debian Bug: 1031525

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.