ELSA-2023-7207 Moderate: Oracle Linux 8 c-ares security update
Oracle Linux Security Advisory ELSA-2023-7207
http://linux.oracle.com/errata/ELSA-2023-7207.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
c-ares-1.13.0-9.el8_9.1.i686.rpm
c-ares-1.13.0-9.el8_9.1.x86_64.rpm
c-ares-devel-1.13.0-9.el8_9.1.i686.rpm
c-ares-devel-1.13.0-9.el8_9.1.x86_64.rpm
aarch64:
c-ares-1.13.0-9.el8_9.1.aarch64.rpm
c-ares-devel-1.13.0-9.el8_9.1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//c-ares-1.13.0-9.el8_9.1.src.rpm
Related CVEs:
CVE-2020-22217
CVE-2023-31130
Description of changes:
[1.13.0-9.1]
- Resolves: RHEL-11931 - Buffer Underwrite in ares_inet_net_pton() [rhel-8.9.0.z]
[1.13.0-9]
- Resolves: rhbz#2238293 - CVE-2020-22217 c-ares: read-heap-buffer-overflow in ares_parse_soa_reply [rhel-8] [rhel-8.9.0.z]
A c-ares security update has been released for Oracle Linux 8.