English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 102521 CVE descriptions
and 54701 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-0724
2007-06-27 18:52:48.812824
--------------------------------------------------------------------------------

Name        : c-ares
Product     : Fedora 7
Version     : 1.4.0
Release     : 1.fc7
Summary     : A library that performs asynchronous DNS operations
Description :
c-ares is a C library that performs DNS requests and name resolves
asynchronously. c-ares is a fork of the library named 'ares', written
by Greg Hudson at MIT.

--------------------------------------------------------------------------------
Update Information:

There is a vulnerability in c-ares < 1.4.0, caused by predictable DNS "Transaction ID" field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed.

http://www.vuxml.org/freebsd/70ae62b0-16b0-11dc-b803-0016179b2dd5.html

--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 27 2007 Tom "spot" Callaway <tcallawa@redhat.com> 1.4.0-1
- bump to 1.4.0 (resolves bugzilla 243591)
- get rid of static library (.a)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #243591
        https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243591
  [ 2 ] CVE-2007-3152
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3152
  [ 3 ] CVE-2007-3153
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3153
--------------------------------------------------------------------------------
Updated packages:

29ed7108b5a0242460e8bc93c233044ef623271e c-ares-debuginfo-1.4.0-1.fc7.ppc64.rpm
0f04a638e762c369e1f7eac1cccb48a3d87a76b0 c-ares-devel-1.4.0-1.fc7.ppc64.rpm
b1084ac22aebcb635a1bde10fd909115dddca8be c-ares-1.4.0-1.fc7.ppc64.rpm
ec0827e85c2d436cf097a25b3aa297dcdc30ee45 c-ares-1.4.0-1.fc7.i386.rpm
8a3c5279f2ef72c417a52b1bc16904f147bc15c5 c-ares-devel-1.4.0-1.fc7.i386.rpm
377f6f417349c797c75d2f511245c13632fcc353 c-ares-debuginfo-1.4.0-1.fc7.i386.rpm
f75fef3876ed6ccd8ed663cd1fc87326e3cd8cef c-ares-1.4.0-1.fc7.x86_64.rpm
e4b06da02a547e248d13278e2f221be28bb8442b c-ares-debuginfo-1.4.0-1.fc7.x86_64.rpm
fe09780d4b02829aa100c7efec0664d434924190 c-ares-devel-1.4.0-1.fc7.x86_64.rpm
e79d2ddef1b78307b055f76ce7589ff1531c3db6 c-ares-1.4.0-1.fc7.ppc.rpm
a8162a44727d0696b75088d1093e4d5329c73577 c-ares-devel-1.4.0-1.fc7.ppc.rpm
9812fa7632651f070e2c3e0fae94ad4b67ab4fc7 c-ares-debuginfo-1.4.0-1.fc7.ppc.rpm
5ee5d1abd05992d6349c0ca61e5144a9f1a8e597 c-ares-1.4.0-1.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2017 E-Soft Inc. All rights reserved.