Overview

File _patchinfo of Package patchinfo.29074

<patchinfo incident="29074">
  <issue tracker="cve" id="2023-31124"/>
  <issue tracker="cve" id="2023-32067"/>
  <issue tracker="cve" id="2023-31147"/>
  <issue tracker="cve" id="2023-31130"/>
  <issue tracker="bnc" id="1211604">VUL-0: CVE-2023-32067: c-ares: 0-byte UDP payload causes Denial of Service</issue>
  <issue tracker="bnc" id="1211607">VUL-0: CVE-2023-31124: c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation</issue>
  <issue tracker="bnc" id="1211605">VUL-0: CVE-2023-31147: c-ares: Insufficient randomness in generation of DNS query IDs</issue>
  <issue tracker="bnc" id="1211606">VUL-0: CVE-2023-31130: c-ares: Buffer Underwrite in ares_inet_net_pton()</issue>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for c-ares</summary>
  <description>This update for c-ares fixes the following issues:

Update to version 1.19.1:

- CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604)
- CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605)
- CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606)
- CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607)
- Fix uninitialized memory warning in test
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Fix typo in ares_init_options.3
- Sync ax_pthread.m4 with upstream
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places