Home / mailings [USN-7925-1] c-ares vulnerability
Posted on 11 December 2025
Ubuntu Security==========================================================================Ubuntu Security Notice USN-7925-1
December 11, 2025
c-ares vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 25.04
Summary:
c-ares could be made to crash if it received specially crafted queries.
Software Description:
- c-ares: library for asynchronous name resolution
Details:
It was discovered that c-ares incorrectly handled terminating certain
queries after a maximum number of attempts. An attacker could possibly use
this issue to cause c-ares to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libcares2 1.34.5-1ubuntu0.1
Ubuntu 25.04
libcares2 1.34.4-2.1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7925-1
CVE-2025-62408
Package Information:
https://launchpad.net/ubuntu/+source/c-ares/1.34.5-1ubuntu0.1
https://launchpad.net/ubuntu/+source/c-ares/1.34.4-2.1ubuntu0.2
--===============0455296000671150956==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
