[SECURITY] [DLA 2738-1] c-ares security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2738-1] c-ares security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 10 Aug 2021 07:18:07 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2108100717140.15981@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2738-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
August 10, 2021                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : c-ares
Version        : 1.12.0-1+deb9u2
CVE ID         : CVE-2021-3672


An issue has been found in c-ares, an asynchronous name resolver.

Missing input validation of host names returned by Domain Name Servers canlead to output of wrong hostnames.



For Debian 9 stretch, this problem has been fixed in version
1.12.0-1+deb9u2.

We recommend that you upgrade your c-ares packages.

For the detailed security status of c-ares please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/c-ares

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmESKC9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEch+RAAqiyux1wOiMm2ATIW+PYdcQy0fiLAffyUtpFivh6E08Vg/xkUjESn+8vQ
0scIV+VOkNSWoSpmG+LkQAyrzTOzLXhDOv65oXiiEEAmO8HSKQ0e+2FrWDgWeFCP
BBjrcMc6kh6WCDYF1ikLv1QmRRwJ0OtS/3fYMvuQTIhmu3qRo1fG7OXJcMQJW0Ns
Q2YUKHtk5ofeGunyqQ9Bxyv3nSKthXQ5mE+l79hrO48ROKnxSXuYWwk61IqjGRcm
WZ+WcaQgrewOHdmZ+gU6sCQ5SOuTDrettkg1iofb2SGEOW355gJd1ChKq7cNmolb
BQ3f7bKq0tSHlipNmDL++apbwONNMRat3GfY131BwToDZ0UI8p3f1M8nqe7E+Go7
9B0WkFi1Egvklu6fSFqaTi15C3cK8Sq1SADpsWYuWghJoXcG4Z+8c4CyLrI2o1BY
AoAoxRUjfk0NTEnhH/K8gAjP5XjE3/qGA83qCu/xjx/iVqSngvhAKzA+ktv5DGLm
UgTB2K6LdIBk9Q+c+JfMMrpxl4t9k1XWfrI0k6oirGN+mNFN6A0xvDlREWlZHsLN
N0BdxpURzwvrvHFoHVz4dg1RDcZavZFUVRyH2XfAEhCwHN/A+Qf4rpWFb/F4na75
wYz8iuGTIsdQZr546kMC4h2fR5JQtFhqLMxUKMn2gmLCoPXtI2Y=
=bCCW
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2737-1] openjdk-8 security update
Next by Date: [SECURITY] [DLA 2735-1] ceph security update
Previous by thread: [SECURITY] [DLA 2737-1] openjdk-8 security update
Next by thread: [SECURITY] [DLA 2735-1] ceph security update
Index(es):
- Date
- Thread