Oval Definition:oval:org.opensuse.security:def:93970
Revision Date:2021-08-17Version:1
Title: (Important)
Description:

This update for c-ares fixes the following issues:

Version update to git snapshot 1.17.1+20200724:

- CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881) - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing - Use unbuffered /dev/urandom for random data to prevent early startup performance issues
Family:unixClass:patch
Status:Reference(s):1188881
CVE-2014-3686
CVE-2015-1863
CVE-2015-4141
CVE-2015-4142
CVE-2015-4143
CVE-2015-4144
CVE-2015-4145
CVE-2015-4146
CVE-2015-5310
CVE-2015-5315
CVE-2015-5316
CVE-2016-4476
CVE-2016-4477
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13087
CVE-2017-13088
CVE-2018-14526
CVE-2021-3672
Platform(s):Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND wpa_supplicant-2.6-4.17.1 is installed
  • Definition Synopsis
  • Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure is installed
  • AND libcares2-1.17.1+20200724-3.14.1 is installed
  • BACK