Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2017-859

Related Vulnerabilities: CVE-2017-1000381  

The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. ( CVE-2017-1000381 )

Source

ALAS-2017-859

Amazon Linux AMI Security Advisory: ALAS-2017-859
Advisory Release Date: 2017-07-20 01:22 Pacific
Advisory Updated Date: 2017-07-24 23:38 Pacific
Severity: Medium
References: CVE-2017-1000381 
Issue Overview:

The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. ( CVE-2017-1000381 )


Affected Packages:

c-ares


Issue Correction:
Run yum update c-ares to update your system.

New Packages:
i686:
    c-ares-devel-1.13.0-1.5.amzn1.i686
    c-ares-debuginfo-1.13.0-1.5.amzn1.i686
    c-ares-1.13.0-1.5.amzn1.i686

src:
    c-ares-1.13.0-1.5.amzn1.src

x86_64:
    c-ares-devel-1.13.0-1.5.amzn1.x86_64
    c-ares-1.13.0-1.5.amzn1.x86_64
    c-ares-debuginfo-1.13.0-1.5.amzn1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started