| Revision Date: | 2021-08-17 | Version: | 1 |
| Title: | Security update for c-ares (Important) |
| Description: |
This update for c-ares fixes the following issues:
Version update to git snapshot 1.17.1+20200724:
- CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881) - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing - Use unbuffered /dev/urandom for random data to prevent early startup performance issues
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1188881
CVE-2021-3672
SUSE-SU-2021:2760-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND Package Information
c-ares-devel-1.17.1+20200724-3.14.1 is installed
OR libcares2-1.17.1+20200724-3.14.1 is installed
|