-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : c-ares Version : 1.9.1-3+deb7u1 CVE ID : CVE-2016-5180 Debian Bug : 839151
Gzob Qq discovered that the query-building functions in c-ares, an asynchronous DNS request library would not correctly process crafted query names, resulting in a heap buffer overflow and potentially leading to arbitrary code execution. For Debian 7 "Wheezy", these problems have been fixed in version 1.9.1-3+deb7u1. We recommend that you upgrade your c-ares packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJX9p43XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkGbAP/23aNrDR0KCPWuALOuIWMRBs Z6jbZSQFy0OWjNkS0shH15M/XR6aRj0IHbH3mRn+4BoM96xlM80ZbB274bKJiBwD hF5bA+xnzPtUgIxOWkRo3bsynkW6g7HL3mqXHj60oLzFVHOrrmUXRNfnMIN45r3S oudF7A5tce5yZKetzG4ftOTDoJwvDwAWh0UYpt3up8830Oe6qiiARIomlzhMWR7J 1PZ5PXE4TFZUTAwGtQsIMvTAd9FzDHwaie64G/tyg2xojDM2yWNLCkmcqKPFzwIs noQpQSh+OluV1J16e5HfFB3ZUoY9OUyTFY7g6WC1K5ysoPoo456+fagLb5YCjrqJ n+18QIiCJnqHR2mNm1Ulo6n+DNct+1nKHIbnEN+hOfzBF/33y3QvR64XH7N0Lhu/ 0ekYSGY6wksFP5XLPp/gzdDMohBW17vMKbx9xW6wnEJUGn8aRuojmcIihshcZz2e bg4bwMU20lDRKQ27+Pftm7nUhUw6up1Cp1fj6LHFxYO8+g408ucn7A+NI1Ai5Knv xAZraf4DJY3fKVBawkiHXfHiHG0huqMe1VhV/NW5YC5ae6LdqKASVvibvq5FXa2F DWtY2wBnAxijGNqM7uKSYQG0InC+Qo7JEddeftrZ9u6OKREApuJHXeTZWpAbVRu4 7sehCeZxEB2GZultOpeR =KRt7 -----END PGP SIGNATURE-----