QID 198455

Date Published: 2021-08-16

QID 198455: Ubuntu Security Notification for c-ares vulnerability (USN-5034-1)

C-ares incorrectly validated certain hostnames returned by dns servers.

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

a remote attacker could possibly use this issue to perform domain hijacking attacks..

  • CVSS V3 rated as Medium - 4.2 severity.
  • CVSS V2 rated as Medium - 5.4 severity.
  • Solution
    Refer to Ubuntu advisory: USN-5034-1 for affected packages and patching details, or update with your package manager.
    Vendor References

    CVEs related to QID 198455

    Software Advisories
    Advisory ID Software Component Link
    USN-5034-1 Ubuntu Linux URL Logo usn.ubuntu.com/5034-1