Advisory: CLSA-2025:1744721593
OS: AlmaLinux 9.2 ESU
Public date: 2025-04-15 12:53:16
Project: c-ares
Version: 1.17.1-5.el9_2.1.tuxcare.els3
Errata link: https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2025-1744721593.html
- CVE-2024-25629: fix invalid memory read issue in ares__read_line()
- CVE-2023-31130: fix buffer underflow in ares_inet_net_pton() for certain IPv6 addresses
- CVE-2023-31147: fix issue of using weak random numbers in DNS query IDs by replacing rand() with a modern OS-provided CSPRNG like arc4random()
- CVE-2023-31124: prevent fallback to rand() for entropy generation; because rand() is not a CSPRNG, an attacker could take advantage of the lack of entropy
Update command: dnf update c-ares*
c-ares-1.17.1-5.el9_2.1.tuxcare.els3.i686.rpm
c-ares-1.17.1-5.el9_2.1.tuxcare.els3.x86_64.rpm
c-ares-devel-1.17.1-5.el9_2.1.tuxcare.els3.i686.rpm
c-ares-devel-1.17.1-5.el9_2.1.tuxcare.els3.x86_64.rpm