Issued:: 2023-11-14
Updated:: 2023-11-14

RHSA-2023:7207 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: c-ares security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for c-ares is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.

Security Fix(es):

c-ares: Heap buffer over read in ares_parse_soa_reply (CVE-2020-22217)
c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 2209497 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton()
BZ - 2235527 - CVE-2020-22217 c-ares: Heap buffer over read in ares_parse_soa_reply

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
c-ares-1.13.0-9.el8_9.1.src.rpm	SHA-256: 0b2121db8f823a55f2f90dbd11095dcd45b9df663a3ebc9761479e90c737c27d
x86_64
c-ares-1.13.0-9.el8_9.1.i686.rpm	SHA-256: 3fb0d8a2a36897abb06455bb388175bb9ca97394fd934e7658bc43972232ac4f
c-ares-1.13.0-9.el8_9.1.x86_64.rpm	SHA-256: 0fc5a755e1d9a0dfc1c1d6b9aa32eb63edf2e4841fa18e25ddab42b851b5af00
c-ares-debuginfo-1.13.0-9.el8_9.1.i686.rpm	SHA-256: 65022cde5e58187c3f1613813d40f457e7ef5c4edac07c6dabe20182373d9625
c-ares-debuginfo-1.13.0-9.el8_9.1.x86_64.rpm	SHA-256: 7869eb76db1683f661db10b485f6653b3e72a3bad9c6d2c3c17d381cfa4808c0
c-ares-debugsource-1.13.0-9.el8_9.1.i686.rpm	SHA-256: 6b8df42660714856b410c9d810f9b8047c53e7c686903874a2183644db2dba6c
c-ares-debugsource-1.13.0-9.el8_9.1.x86_64.rpm	SHA-256: 9502931caabafd7ad66cab77f520792f50670b15b250175b651381fc4f03f868
c-ares-devel-1.13.0-9.el8_9.1.i686.rpm	SHA-256: 4641eb1b555ab1a309224de034be9374c99e0ed8fd3d6747ab5a3b6ebca335e6
c-ares-devel-1.13.0-9.el8_9.1.x86_64.rpm	SHA-256: 6782702c21f46ed091096b025e617170adbf7234a0fc5d79d8ded747a0270d81

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
c-ares-1.13.0-9.el8_9.1.src.rpm	SHA-256: 0b2121db8f823a55f2f90dbd11095dcd45b9df663a3ebc9761479e90c737c27d
s390x
c-ares-1.13.0-9.el8_9.1.s390x.rpm	SHA-256: ca95396fa7b32eaf19fd887dac3bdaa4b7767b5f00f927eb9ff4bbccb697435d
c-ares-debuginfo-1.13.0-9.el8_9.1.s390x.rpm	SHA-256: 6396ce5c12662f424ac0dd99fb5b1641c72960349f90ff675943201a8d3062c0
c-ares-debugsource-1.13.0-9.el8_9.1.s390x.rpm	SHA-256: 0b29cc63cabec9a6c7448bd5caf988520e401779cdb0daf4e91a1464e17666de
c-ares-devel-1.13.0-9.el8_9.1.s390x.rpm	SHA-256: e1fd14788ae952ee92634852873be4b7a82d68ef0eb612780adb773fb9ebd7aa

Red Hat Enterprise Linux for Power, little endian 8

SRPM
c-ares-1.13.0-9.el8_9.1.src.rpm	SHA-256: 0b2121db8f823a55f2f90dbd11095dcd45b9df663a3ebc9761479e90c737c27d
ppc64le
c-ares-1.13.0-9.el8_9.1.ppc64le.rpm	SHA-256: 8a5ad9c685b6c29f9254a40fd1fd40d61da8d32f599eb56f1f8f08c68267b529
c-ares-debuginfo-1.13.0-9.el8_9.1.ppc64le.rpm	SHA-256: cfc7e161cbb858568ee11e5619573cdf9a05d28ea299d73ce6593439dac7b3de
c-ares-debugsource-1.13.0-9.el8_9.1.ppc64le.rpm	SHA-256: cfbd1d5fb929610aa9236dddc41bb9015107f355c1f266d363d52068475b06f8
c-ares-devel-1.13.0-9.el8_9.1.ppc64le.rpm	SHA-256: 602699b18237723e928fe8ed75a6d9dc5125384f740b6b2bb3847ca556c24281

Red Hat Enterprise Linux for ARM 64 8

SRPM
c-ares-1.13.0-9.el8_9.1.src.rpm	SHA-256: 0b2121db8f823a55f2f90dbd11095dcd45b9df663a3ebc9761479e90c737c27d
aarch64
c-ares-1.13.0-9.el8_9.1.aarch64.rpm	SHA-256: 601f418d95373a3fd665abb706ddb9e7a2ce51b0b378da8c51a4fdea97324f71
c-ares-debuginfo-1.13.0-9.el8_9.1.aarch64.rpm	SHA-256: b09e8416b07fd230ef2a5f44ed42a9a9b6f7dd3f597fa248982395027a6f8c55
c-ares-debugsource-1.13.0-9.el8_9.1.aarch64.rpm	SHA-256: 8646ceb5ac8a5bee4f4696c50787d8aa3f18f2fef7f5378178da84a7ab8c9b37
c-ares-devel-1.13.0-9.el8_9.1.aarch64.rpm	SHA-256: 4907fc86569e17ae74352f19b9580bf203c1d00e52161ded98ea947d756cf46d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation