Описание
Security update for c-ares
This update for c-ares fixes the following issues:
- Version update to 1.17.0
- CVE-2020-8277: Fixed a Denial of Service through DNS request (bsc#1178882)
- For further details see https://c-ares.haxx.se/changelog.html
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
c-ares-devel-1.17.0-lp151.3.6.1
c-ares-utils-1.17.0-lp151.3.6.1
libcares2-1.17.0-lp151.3.6.1
libcares2-32bit-1.17.0-lp151.3.6.1
Ссылки
- E-Mail link for openSUSE-SU-2020:2045-1
- SUSE Security Ratings
- SUSE Bug 1178882
- SUSE CVE CVE-2020-8277 page
Описание
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
Затронутые продукты
openSUSE Leap 15.1:c-ares-devel-1.17.0-lp151.3.6.1
openSUSE Leap 15.1:c-ares-utils-1.17.0-lp151.3.6.1
openSUSE Leap 15.1:libcares2-1.17.0-lp151.3.6.1
openSUSE Leap 15.1:libcares2-32bit-1.17.0-lp151.3.6.1
Ссылки
- CVE-2020-8277
- SUSE Bug 1178882