Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 22.10: 5907-1 Serious Risk of c-ares Denial Of Service Attack

Calendar Mar 02, 2023 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service software update ubuntu attack risk input processing c-ares
c-ares could be made to crash or run programs if it processed specially crafted input. 
=========================================================================Ubuntu Security Notice USN-5907-1
March 02, 2023

c-ares vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

c-ares could be made to crash or run programs if it processed specially
crafted input.

Software Description:
- c-ares: library for asynchronous name resolution

Details:

It was discovered that c-ares incorrectly handled certain sortlist strings.
A remote attacker could use this issue to cause c-ares to crash, resulting
in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   libc-ares2                      1.18.1-1ubuntu0.22.10.1

Ubuntu 22.04 LTS:
   libc-ares2                      1.18.1-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:
   libc-ares2                      1.15.0-1ubuntu0.2

Ubuntu 18.04 LTS:
   libc-ares2                      1.14.0-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5907-1
   CVE-2022-4904

Package Information:
   https://launchpad.net/ubuntu/+source/c-ares/1.18.1-1ubuntu0.22.10.1
   https://launchpad.net/ubuntu/+source/c-ares/1.18.1-1ubuntu0.22.04.1
   https://launchpad.net/ubuntu/+source/c-ares/1.15.0-1ubuntu0.2
   https://launchpad.net/ubuntu/+source/c-ares/1.14.0-1ubuntu0.2

Ubuntu 22.10: 5907-1 Serious Risk of c-ares Denial Of Service Attack

ubuntu
Calendar Grey March 2, 2023
Dist Ubuntu Esm H88
Ensure your Ubuntu installation is updated to mitigate the c-ares vulnerability, which could lead to system crashes or unauthorized code execution upon receiving specially designed input.
c-ares could be made to crash or run programs if it processed specially crafted input.

Summary

Topics%20covered

Topics Covered

security advisory denial of service software update ubuntu attack risk input processing c-ares

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: libc-ares2 1.18.1-1ubuntu0.22.10.1 Ubuntu 22.04 LTS: libc-ares2 1.18.1-1ubuntu0.22.04.1 Ubuntu 20.04 LTS: libc-ares2 1.15.0-1ubuntu0.2 Ubuntu 18.04 LTS: libc-ares2 1.14.0-1ubuntu0.2 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5907-1

CVE-2022-4904

Severity
critical
Lowest
Low
Medium
High
Critical

March 02, 2023

Topics%20covered

Topics Covered

security advisory denial of service software update ubuntu attack risk input processing c-ares

Package Information

https://launchpad.net/ubuntu/+source/c-ares/1.18.1-1ubuntu0.22.10.1 https://launchpad.net/ubuntu/+source/c-ares/1.18.1-1ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/c-ares/1.15.0-1ubuntu0.2 https://launchpad.net/ubuntu/+source/c-ares/1.14.0-1ubuntu0.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here