[SECURITY] [DLA 998-1] c-ares security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 998-1] c-ares security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 22 Jun 2017 22:13:18 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1706222212330.7764@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : c-ares
Version        : 1.9.1-3+deb7u2
CVE ID         : CVE-2017-1000381

CVE-2017-1000381
     The c-ares function ares_parse_naptr_reply(), which is used for
     parsing NAPTR responses, could be triggered to read memory
     outside of the given input buffer if the passed in DNS response
     packet was crafted in a particular way.


For Debian 7 "Wheezy", these problems have been fixed in version
1.9.1-3+deb7u2.

We recommend that you upgrade your c-ares packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJZTCTeXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHvWYP/2IN6rEtVlPO0HNhU75/38xZ
ybaw0ne57wfe+BSyuChPimJpi+QBfOofA3IdgMvSbLujUjr9bfmTOi8cIjarUla7
+a90i32/csjdD0UvqFQL9rCYA1iV8p7lorCUNOUlm6I5qQuJ/GU0FND3lfZXyYNx
FYFd75JqIC5Qq63VmW5xlCz/KqYLbbxHiXJk+kyXwxGtHZJuj2br965FzkBM7EF8
2gomWFRX1+AEQ85g6OSQWZx++61KWgtxXq7aHw1xLtwgQL0QPSJ1HJ8ZsmQYiY7N
97HSj3VqT4W+QBvM72fIkHU92GvKOb9TvsSsXlXDzFyrMugj8TydwYH2X2WrdNg6
X1iCzGh6yK/1NyYQQIFN0Q3yRwNYjA2lsvZ/EyzqWWKRLxq6aFWjJSAmtdVh4Sda
LFrJXLd7S9lH1RyKMY5G/+ByXqBudQyC6XPJCKH2yV7uZZx0/A+cAM+CCWfLuQF3
Qsmj4Gjpwt46HZpYx2LeZUDyJ0tVZ2tSrYFnn2xZiv7D4w/FUTJONgRMxHa15g55
PJFJ/RwRvV2PNQaqmYzpsJIacsS356r5PNO5HFpmE2Mka5kWQ8DmPsZqisxnd23n
89kqh7SsLxg4hxAS3ITLsKTXmXygmUmw5AAhx/5YfxBKPbKZm6uCjryrr2C09w/R
XEzdGAWZ2C/3y8JVM1SJ
=wBmv
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 997-1] libffi security update
Next by Date: [SECURITY] [DLA 999-1] openvpn security update
Previous by thread: [SECURITY] [DLA 997-1] libffi security update
Next by thread: [SECURITY] [DLA 999-1] openvpn security update
Index(es):
- Date
- Thread