[SECURITY] [DSA 6084-1] c-ares security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6084-1] c-ares security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 18 Dec 2025 13:49:37 +0000
Message-id: <[🔎] E1vWENt-004SoC-1A@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6084-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 18, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : c-ares
CVE ID         : CVE-2025-62408

It was discovered that c-ares, a library that performs DNS requests and
name resolution asynchronously, does not properly handle termination of
queries which may result in denial of service.

For the stable distribution (trixie), this problem has been fixed in
version 1.34.5-1+deb13u1.

We recommend that you upgrade your c-ares packages.

For the detailed security status of c-ares please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/c-ares

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmlEA/JfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Tokg//d7GQSkLugksAU06vcwVBE6pn9f/DPHY2TuBb04Lu0xp/jAsxGrtuAmUY
zQlIhmUimdz05cUjrfZ0zIUcxrKU3KVr9QHcGkB6Dd2PC8gVII8qP78Ua+YVk5Xs
HARCCdAVdQbJtenr6w6GG/5NCJI2EW2OKHMZvr2F5jVnHLUs84nXRh4gFOw5hxfj
Vfp0IH3fIONodalu7cLSNKOaPy5Y+iAraZ3btJcGVGL1KMvpt130rZ+C2g59pw8i
Mntu/H03HfHA3/pg4hjpJgWpJImezqc2X+xDgEs7RdGqXLfaBQ6A2wduIf1eHp9j
Nd8vBZa62cMqqZN/AFPjwnpiFK53BSOL8/cON/IIpbwsVeKAv3AHWHGxYSmlz4X2
2lbOClPX6qN7THJ+ULz+4hKTJDOEGdm1CUKcHSgAyF/+Fc7jyT/KaGglBCQMEXpo
eEiE3CLkCexXEMacxAY1Y3K/2z7Hzi3IlIpo5fbLA2NDZj/sQdVSj1muGY57RdPV
12P1BYNbDpRF07+NiFEevxQGjn/vFhHapjYVahlG/OH7Lt58eDllWLYnqvH4Bw2g
u88qcaG7cxDqOZfV+o6IconD++S044dQwVKkIueO24Mu5pxyyq/8ws7fJgGyRsy/
4KDPa7qt/w/V42giGrqnKqB/alxU0sISfuaUQUUnXTFzRpnBdfg=
=e3jy
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6083-1] webkit2gtk security update
Next by Date: [SECURITY] [DSA 6085-1] mediawiki security update
Previous by thread: [SECURITY] [DSA 6083-1] webkit2gtk security update
Next by thread: [SECURITY] [DSA 6085-1] mediawiki security update
Index(es):
- Date
- Thread