Security update for libcares2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2960-1 Final 1 1 2016-12-01T10:43:37Z current 2016-12-01T10:43:37Z 2016-12-01T10:43:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libcares2 This update for libcares2 fixes the following issues: - ares_create_query() single byte out of buffer write (CVE-2016-5180, boo#1007728) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-12/msg00000.html E-Mail link for openSUSE-SU-2016:2960-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 libcares-devel-1.10.0-2.3.1 libcares2-1.10.0-2.3.1 libcares2-32bit-1.10.0-2.3.1 libcares2-debuginfo-1.10.0-2.3.1 libcares2-debuginfo-32bit-1.10.0-2.3.1 libcares2-debugsource-1.10.0-2.3.1 libcares-devel-1.10.0-2.3.1 as a component of openSUSE 13.2 libcares2-1.10.0-2.3.1 as a component of openSUSE 13.2 libcares2-32bit-1.10.0-2.3.1 as a component of openSUSE 13.2 libcares2-debuginfo-1.10.0-2.3.1 as a component of openSUSE 13.2 libcares2-debuginfo-32bit-1.10.0-2.3.1 as a component of openSUSE 13.2 libcares2-debugsource-1.10.0-2.3.1 as a component of openSUSE 13.2 Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot. CVE-2016-5180 openSUSE 13.2:libcares-devel-1.10.0-2.3.1 openSUSE 13.2:libcares2-1.10.0-2.3.1 openSUSE 13.2:libcares2-32bit-1.10.0-2.3.1 openSUSE 13.2:libcares2-debuginfo-1.10.0-2.3.1 openSUSE 13.2:libcares2-debuginfo-32bit-1.10.0-2.3.1 openSUSE 13.2:libcares2-debugsource-1.10.0-2.3.1 moderate 4.9 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-12/msg00000.html https://www.suse.com/security/cve/CVE-2016-5180.html CVE-2016-5180 https://bugzilla.suse.com/1007728 SUSE Bug 1007728