| Package | c-ares |
|---|---|
| Version | 1.10.0-2+deb8u3 |
| Related CVEs | CVE-2021-3672 |
An issue has been found in c-ares, an asynchronous name resolver. Missing input validation of host names returned by Domain Name Servers can lead to output of wrong hostnames.
For Debian 8 jessie, these problems have been fixed in version 1.10.0-2+deb8u3.
We recommend that you upgrade your c-ares packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.