Bugzilla – Bug 1220279
VUL-0: CVE-2024-25629: c-ares: out of bounds read in ares__read_line()
Last modified: 2024-07-12 16:31:13 UTC
`ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.22.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead...

References:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-25629
- https://seclists.org/oss-sec/2024/q1/157
- https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q

Patch:
- https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183
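A defender-side check for the trigger condition described above, as an added example that is not part of the bug report or of c-ares: it reports lines whose first byte is NUL in the files the report names. The function names and the sample bytes are assumptions constructed for illustration.

```python
import os

# Files the report says ares__read_line() parses
# (/etc/hosts only for c-ares versions prior to 1.22.0).
DEFAULT_FILES = ["/etc/resolv.conf", "/etc/nsswitch.conf", "/etc/hosts"]


def nul_led_lines(data: bytes) -> list[int]:
    """Return the 1-based numbers of lines whose first byte is NUL."""
    hits = []
    for number, line in enumerate(data.split(b"\n"), start=1):
        if line[:1] == b"\x00":
            hits.append(number)
    return hits


def audit(paths=None) -> dict[str, list[int]]:
    """Map each readable file to the NUL-led line numbers found in it."""
    if paths is None:
        paths = list(DEFAULT_FILES)
        aliases = os.environ.get("HOSTALIASES")  # optional per-user aliases file
        if aliases:
            paths.append(aliases)
    findings = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                hits = nul_led_lines(fh.read())
        except OSError:
            continue  # missing or unreadable file: nothing to report
        if hits:
            findings[path] = hits
    return findings


# Constructed sample input: line 3 starts with an embedded NUL byte.
SAMPLE = b"nameserver 192.0.2.53\nsearch example.test\n\x00options ndots:2\n"

if __name__ == "__main__":
    print("sample:", nul_led_lines(SAMPLE))
    for path, lines in audit().items():
        print(f"{path}: NUL at start of line(s) {lines}")
```

A NUL byte in the middle of a line is not reported, since the report only names a NUL as the first character of a line as the trigger.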
Tracking as affected:
- SUSE:ALP:Source:Standard:1.0/c-ares 1.19.1
- SUSE:SLE-15:Update/c-ares 1.19.1
- openSUSE:Factory/c-ares 1.26.0
Also affected is libcares2 in SLE-12
This is an autogenerated message for OBS integration: This bug (1220279) was mentioned in https://build.opensuse.org/request/show/1151588 Factory / c-ares
SUSE-SU-2024:1136-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1220279
CVE References: CVE-2024-25629
Maintenance Incident: [SUSE:Maintenance:32784](https://smelt.suse.de/incident/32784/)
Sources used:
- openSUSE Leap Micro 5.3 (src): c-ares-1.19.1-150000.3.26.1
- openSUSE Leap Micro 5.4 (src): c-ares-1.19.1-150000.3.26.1
- openSUSE Leap 15.5 (src): c-ares-1.19.1-150000.3.26.1
- SUSE Linux Enterprise Micro for Rancher 5.3 (src): c-ares-1.19.1-150000.3.26.1
- SUSE Linux Enterprise Micro 5.3 (src): c-ares-1.19.1-150000.3.26.1
- SUSE Linux Enterprise Micro for Rancher 5.4 (src): c-ares-1.19.1-150000.3.26.1
- SUSE Linux Enterprise Micro 5.4 (src): c-ares-1.19.1-150000.3.26.1
- SUSE Linux Enterprise Micro 5.5 (src): c-ares-1.19.1-150000.3.26.1
- Basesystem Module 15-SP5 (src): c-ares-1.19.1-150000.3.26.1
- SUSE Linux Enterprise Micro 5.1 (src): c-ares-1.19.1-150000.3.26.1
- SUSE Linux Enterprise Micro 5.2 (src): c-ares-1.19.1-150000.3.26.1
- SUSE Linux Enterprise Micro for Rancher 5.2 (src): c-ares-1.19.1-150000.3.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1135-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1220279
CVE References: CVE-2024-25629
Maintenance Incident: [SUSE:Maintenance:32783](https://smelt.suse.de/incident/32783/)
Sources used:
- SUSE Linux Enterprise Software Development Kit 12 SP5 (src): libcares2-1.9.1-9.21.1
- SUSE Linux Enterprise High Performance Computing 12 SP5 (src): libcares2-1.9.1-9.21.1
- SUSE Linux Enterprise Server 12 SP5 (src): libcares2-1.9.1-9.21.1
- SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): libcares2-1.9.1-9.21.1
- SUSE Linux Enterprise Workstation Extension 12 12-SP5 (src): libcares2-1.9.1-9.21.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1136-2: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1220279
CVE References: CVE-2024-25629
Maintenance Incident: [SUSE:Maintenance:32784](https://smelt.suse.de/incident/32784/)
Sources used:
- SUSE Linux Enterprise Micro 5.5 (src): c-ares-1.19.1-150000.3.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.