-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : c-ares Version : 1.9.1-3+deb7u2 CVE ID : CVE-2017-1000381
CVE-2017-1000381 The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. For Debian 7 "Wheezy", these problems have been fixed in version 1.9.1-3+deb7u2. We recommend that you upgrade your c-ares packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJZTCTeXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHvWYP/2IN6rEtVlPO0HNhU75/38xZ ybaw0ne57wfe+BSyuChPimJpi+QBfOofA3IdgMvSbLujUjr9bfmTOi8cIjarUla7 +a90i32/csjdD0UvqFQL9rCYA1iV8p7lorCUNOUlm6I5qQuJ/GU0FND3lfZXyYNx FYFd75JqIC5Qq63VmW5xlCz/KqYLbbxHiXJk+kyXwxGtHZJuj2br965FzkBM7EF8 2gomWFRX1+AEQ85g6OSQWZx++61KWgtxXq7aHw1xLtwgQL0QPSJ1HJ8ZsmQYiY7N 97HSj3VqT4W+QBvM72fIkHU92GvKOb9TvsSsXlXDzFyrMugj8TydwYH2X2WrdNg6 X1iCzGh6yK/1NyYQQIFN0Q3yRwNYjA2lsvZ/EyzqWWKRLxq6aFWjJSAmtdVh4Sda LFrJXLd7S9lH1RyKMY5G/+ByXqBudQyC6XPJCKH2yV7uZZx0/A+cAM+CCWfLuQF3 Qsmj4Gjpwt46HZpYx2LeZUDyJ0tVZ2tSrYFnn2xZiv7D4w/FUTJONgRMxHa15g55 PJFJ/RwRvV2PNQaqmYzpsJIacsS356r5PNO5HFpmE2Mka5kWQ8DmPsZqisxnd23n 89kqh7SsLxg4hxAS3ITLsKTXmXygmUmw5AAhx/5YfxBKPbKZm6uCjryrr2C09w/R XEzdGAWZ2C/3y8JVM1SJ =wBmv -----END PGP SIGNATURE-----