Home / mailings [SECURITY] [DSA 6084-1] c-ares security update
Posted on 18 December 2025
Debian Security Advisory- -------------------------------------------------------------------------
Debian Security Advisory DSA-6084-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
December 18, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : c-ares
CVE ID : CVE-2025-62408
It was discovered that c-ares, a library that performs DNS requests and
name resolution asynchronously, does not properly handle termination of
queries which may result in denial of service.
For the stable distribution (trixie), this problem has been fixed in
version 1.34.5-1+deb13u1.
We recommend that you upgrade your c-ares packages.
For the detailed security status of c-ares please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/c-ares
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
