When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 Android. This will downgrade to using rand() as a fallback, which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross compilation (https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4)
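A build-tree check for the condition described above (an added example, not part of the original report or of c-ares). It assumes the autotools configure step records its results in a generated ares_config.h, where a detected random file appears as an active #define and an undetected one as a commented-out #undef; the function name and the header path passed to it are hypothetical.

```shell
#!/bin/sh
# Audit a configured c-ares build tree for the CVE-2023-31124 condition:
# is CARES_RANDOM_FILE actually defined in the generated config header?
#
# Assumption: configure results live in a generated ares_config.h.
# Usage: check_cares_random_file path/to/build/ares_config.h
#
# Return status:
#   0  CARES_RANDOM_FILE is defined (its value is printed on stdout)
#   1  not defined, so the rand() fallback named in the advisory applies
#   2  header missing or unreadable (the build was probably not configured)
check_cares_random_file() {
    header=$1
    if [ ! -r "$header" ]; then
        echo "cannot read $header" >&2
        return 2
    fi

    # Match only an active '#define CARES_RANDOM_FILE "<path>"' line.
    # A '/* #undef CARES_RANDOM_FILE */' line, which is what an undetected
    # setting is assumed to look like, does not match. If the macro is
    # defined more than once, the last definition is reported.
    value=$(sed -n \
        's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}CARES_RANDOM_FILE[[:space:]]\{1,\}"\([^"]\{1,\}\)".*$/\1/p' \
        "$header" | tail -n 1)

    if [ -n "$value" ]; then
        echo "CARES_RANDOM_FILE=$value"
        return 0
    fi

    echo "CARES_RANDOM_FILE not defined in $header" >&2
    return 1
}
```

Run as a gate in a cross-compilation pipeline, a non-zero status marks the build as affected before any package is produced from it.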
Created c-ares tracking bugs for this issue: Affects: fedora-all [bug 2209542]
Created mingw-c-ares tracking bugs for this issue: Affects: fedora-all [bug 2209543]
Created nodejs tracking bugs for this issue: Affects: epel-7 [bug 2209539]
Created nodejs16 tracking bugs for this issue: Affects: fedora-all [bug 2209544]
Created nodejs18 tracking bugs for this issue: Affects: fedora-all [bug 2209545]
Created nodejs20 tracking bugs for this issue: Affects: fedora-all [bug 2209546]
Created nodejs:13/nodejs tracking bugs for this issue: Affects: epel-8 [bug 2209540]
Created nodejs:16-epel/nodejs tracking bugs for this issue: Affects: epel-8 [bug 2209541]
Created nodejs:16/c-ares tracking bugs for this issue: Affects: fedora-all [bug 2209547]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3577 https://access.redhat.com/errata/RHSA-2023:3577
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:3586 https://access.redhat.com/errata/RHSA-2023:3586
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4036 https://access.redhat.com/errata/RHSA-2023:4036
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2023:4039 https://access.redhat.com/errata/RHSA-2023:4039
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4035 https://access.redhat.com/errata/RHSA-2023:4035
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4034 https://access.redhat.com/errata/RHSA-2023:4034
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4033 https://access.redhat.com/errata/RHSA-2023:4033
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6635 https://access.redhat.com/errata/RHSA-2023:6635