SUSE-SU-2021:14776-1

Опубликовано: 10 авг. 2021

Источник: suse-cvrf

Описание

Security update for libcares2

This update for libcares2 fixes the following issues:

CVE-2021-3672: Fixed input validation on hostnames (bsc#1188881).

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3

libcares2-1.7.4-7.10.3.1

SUSE Linux Enterprise Server 11 SP4-LTSS

libcares2-1.7.4-7.10.3.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-202114776-1/
Link for SUSE-SU-2021:14776-1
https://lists.suse.com/pipermail/sle-security-updates/2021-August/009278.html
E-Mail link for SUSE-SU-2021:14776-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1188881
SUSE Bug 1188881
https://www.suse.com/security/cve/CVE-2021-3672/
SUSE CVE CVE-2021-3672 page

Описание

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

Затронутые продукты

SUSE Linux Enterprise Point of Sale 11 SP3:libcares2-1.7.4-7.10.3.1

SUSE Linux Enterprise Server 11 SP4-LTSS:libcares2-1.7.4-7.10.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3672.html
CVE-2021-3672
https://bugzilla.suse.com/1188881
SUSE Bug 1188881
https://bugzilla.suse.com/1193099
SUSE Bug 1193099

SUSE-SU-2021:14776-1

Описание

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3

SUSE Linux Enterprise Server 11 SP4-LTSS

Ссылки

Уязвимость: CVE-2021-3672

Описание

Затронутые продукты

Ссылки