MGASA-2021-0007 - Updated c-ares packages fix security vulnerabilities

Publication date: 08 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0007.html
Type: security
Affected Mageia releases: 7

Avoid read-heap-buffer-overflow in ares_parse_soa_reply found during
fuzzing.

Avoid theoretical buffer overflow in RC4 loop comparison.

Empty hquery->name could lead to invalid memory access.

ares_parse_{a,aaaa}_reply() could return a larger *naddrttls than was
passed in.

References:
- https://bugs.mageia.org/show_bug.cgi?id=27654
- https://c-ares.haxx.se/changelog.html#1_17_1

SRPMS:
- 7/core/c-ares-1.17.1-1.mga7