c-ares: fix CVE-2023-32067 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Urade, Yogita t.mo <Yogita.Urade@windriver.com>	2023-06-09 14:35:05 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-06-15 08:10:11 -0400
commit	fec772d55fa6003e9a87b3b2413905ff57f077fb (patch)
tree	e0e4c5026e6ba6c9680c5b32eec6b0f2a454f461 /meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch
parent	5fb3554563dd46c731fd21b38923b6b7f3554686 (diff)
download	meta-openembedded-fec772d55fa6003e9a87b3b2413905ff57f077fb.tar.gz

c-ares: fix CVE-2023-32067

c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. References: https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-sqlparse/0001-sqlparse-change-shebang-to-python3.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: