[SECURITY] Fedora 32 Update: adns-1.6.0-1.fc32

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-530188bf36 2020-07-01 01:48:22.588506 -------------------------------------------------------------------------------- Name : adns Product : Fedora 32 Version : 1.6.0 Release : 1.fc32 URL : http://www.chiark.greenend.org.uk/~ian/adns/ Summary : Advanced, easy to use, asynchronous-capable DNS client library Description : adns is a resolver library for C (and C++) programs. In contrast with the existing interfaces, gethostbyname et al and libresolv, it has the following features: - It is reasonably easy to use for simple programs which just want to translate names to addresses, look up MX records, etc. - It can be used in an asynchronous, non-blocking, manner. Many queries can be handled simultaneously. - Responses are decoded automatically into a natural representation for a C program - there is no need to deal with DNS packet formats. - Sanity checking (eg, name syntax checking, reverse/forward correspondence, CNAME pointing to CNAME) is performed automatically. - Time-to-live, CNAME and other similar information is returned in an easy-to-use form, without getting in the way. - There is no global state in the library; resolver state is an opaque data structure which the client creates explicitly. A program can have several instances of the resolver. - Errors are reported to the application in a way that distinguishes the various causes of failure properly. - Understands conventional resolv.conf, but this can overridden by environment variables. - Flexibility. For example, the application can tell adns to: ignore environment variables (for setuid programs), disable sanity checks eg to return arbitrary data, override or ignore resolv.conf in favour of supplied configuration, etc. - Believed to be correct ! For example, will correctly back off to TCP in case of long replies or queries, or to other nameservers if several are available. It has sensible handling of bad responses etc. -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 21 2020 S��rgio Basto <sergio(a)serjux.com&gt; - 1.6.0-1 - Update adns to 1.6.0 (#1846479) - Drop patch0, upstream fixed patch0 in another way -------------------------------------------------------------------------------- References: [ 1 ] Bug #1849772 - CVE-2017-9105 adns: pointer corruption when a nameserver speaks first because of a wrong number of pointer dereferences https://bugzilla.redhat.com/show_bug.cgi?id=1849772 [ 2 ] Bug #1849775 - CVE-2017-9103 adns: pap_mailbox822 does not properly check st from adns__findlabel_next https://bugzilla.redhat.com/show_bug.cgi?id=1849775 [ 3 ] Bug #1849777 - CVE-2017-9104 adns: uncontrolled resource consumption when a compression pointer loop is encountered https://bugzilla.redhat.com/show_bug.cgi?id=1849777 [ 4 ] Bug #1849779 - CVE-2017-9109 adns: out-of-bounds access when handling apparent answers https://bugzilla.redhat.com/show_bug.cgi?id=1849779 [ 5 ] Bug #1849782 - CVE-2017-9106 adns: lack of check for out-of-range integers values can lead to out-of-bounds access https://bugzilla.redhat.com/show_bug.cgi?id=1849782 [ 6 ] Bug #1849784 - CVE-2017-9107 adns: out-of-bounds read when a domain ends with backslash https://bugzilla.redhat.com/show_bug.cgi?id=1849784 [ 7 ] Bug #1849787 - CVE-2017-9108 adns: improper handling of a missing final newline on a stdin read https://bugzilla.redhat.com/show_bug.cgi?id=1849787 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-530188bf36' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------