Описание
Security update for libcares2
This update for libcares2 fixes the following issues:
- CVE-2017-1000381: A NAPTR parser out of bounds access was fixed that could lead to crashes. (bsc#1044946)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
libcares2-1.9.1-8.1
libcares2-32bit-1.9.1-8.1
SUSE Linux Enterprise Server 12 SP2
libcares2-1.9.1-8.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libcares2-1.9.1-8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libcares2-1.9.1-8.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libcares-devel-1.9.1-8.1
SUSE Linux Enterprise Workstation Extension 12 SP2
libcares2-32bit-1.9.1-8.1
Ссылки
- Link for SUSE-SU-2017:1792-1
- E-Mail link for SUSE-SU-2017:1792-1
- SUSE Security Ratings
- SUSE Bug 1044946
- SUSE CVE CVE-2017-1000381 page
Описание
The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libcares2-1.9.1-8.1
SUSE Linux Enterprise Desktop 12 SP2:libcares2-32bit-1.9.1-8.1
SUSE Linux Enterprise Server 12 SP2:libcares2-1.9.1-8.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libcares2-1.9.1-8.1
Ссылки
- CVE-2017-1000381
- SUSE Bug 1044946