Issued:

2012-06-20

Updated:

2012-06-20

RHBA-2012:0922 - c-ares bug fix update

Synopsis

c-ares bug fix update

Type/Severity

Bug Fix Advisory

Topic

Updated c-ares packages that fix several bugs are now available for Red Hat Enterprise Linux 6.

Description

The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.

This update fixes the following bugs:

• Previously, when searching for AF_UNSPEC or AF_INET6 address families, the c-ares library fell back to the AF_INET family if no AF_INET6 addresses were found. Consequently, IPv4 addresses were returned even if only IPv6 addresses were requested. With this update, c-ares performs the fallback only when searching for AF_UNSPEC addresses. (BZ#730695)

• The ares_parse_a_reply() function leaked memory when the user attempted to parse an invalid reply. With this update, the allocated memory is freed properly and the memory leak no longer occurs. (BZ#730693)

• A switch statement inside the ares_malloc_data() public function was missing a terminating break statement. This could result in unpredictable behavior and sometimes the application terminated unexpectedly. This update adds the missing switch statement and the ares_malloc_data() function now works as intended. (BZ#713133)

• When parsing SeRVice (SRV) record queries, c-ares was accessing memory incorrectly on architectures that require data to be aligned in memory. This caused the program to terminate unexpectedly with the SIGBUS signal. With this update, c-ares has been modified to access the memory correctly in the scenario described. (BZ#695426)

• Previously, the ares_gethostbyname manual page did not document the ARES_ENODATA error code as a valid and expected error code. With this update, the manual page has been modified accordingly. (BZ#640944)

All users of c-ares are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258/

Affected Products

Updated Packages

• c-ares-1.7.0-6.el6.ppc.rpm
• c-ares-devel-1.7.0-6.el6.ppc.rpm
• c-ares-devel-1.7.0-6.el6.s390x.rpm
• c-ares-debuginfo-1.7.0-6.el6.i686.rpm
• c-ares-1.7.0-6.el6.s390.rpm
• c-ares-1.7.0-6.el6.s390x.rpm
• c-ares-devel-1.7.0-6.el6.i686.rpm
• c-ares-debuginfo-1.7.0-6.el6.s390x.rpm
• c-ares-debuginfo-1.7.0-6.el6.x86_64.rpm
• c-ares-1.7.0-6.el6.i686.rpm
• c-ares-debuginfo-1.7.0-6.el6.ppc.rpm
• c-ares-1.7.0-6.el6.x86_64.rpm
• c-ares-debuginfo-1.7.0-6.el6.s390.rpm
• c-ares-debuginfo-1.7.0-6.el6.ppc64.rpm
• c-ares-devel-1.7.0-6.el6.ppc64.rpm
• c-ares-1.7.0-6.el6.ppc64.rpm
• c-ares-devel-1.7.0-6.el6.x86_64.rpm
• c-ares-devel-1.7.0-6.el6.s390.rpm
• c-ares-1.7.0-6.el6.src.rpm

Fixes

• This content is not included.BZ - 640944
• This content is not included.BZ - 695426
• This content is not included.BZ - 713133
• This content is not included.BZ - 730693
• This content is not included.BZ - 730695

CVEs

(none)

References

(none)

Additional information

• The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
• Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.