Oval Definition:	oval:org.opensuse.security:def:202331124
Revision Date: 2023-06-22 Version: 1 Title: CVE-2023-31124 Description: c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1. Family: unix Class: vulnerability Status: Reference(s): Mitre CVE-2023-31124 SUSE CVE-2023-31124 SUSE-CU-2023:1678-1 SUSE-CU-2023:1679-1 SUSE-IU-2023:337-1 SUSE-IU-2023:338-1 SUSE-IU-2023:347-1 SUSE-IU-2023:348-1 SUSE-IU-2023:349-1 SUSE-SU-2023:2313-1 SUSE-SU-2023:2477-1 Platform(s): SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5 Product(s): Definition Synopsis Release Information SUSE Linux Enterprise Desktop 15 SP5 is installed OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed OR SUSE Linux Enterprise Server 15 SP5 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed AND Package Information c-ares-devel-1.19.1-150000.3.23.1 is installed OR libcares2-1.19.1-150000.3.23.1 is installed
BACK