[Technik] [SECURITY] [DSA 1515-1] New libnet-dns-perl packages fix several vulnerabilities

Noèl Köthe noel at debian.org
Mon Mar 17 17:31:09 CET 2008 

Am Dienstag, den 11.03.2008, 23:17 +0100 schrieb Florian Weimer:

> Debian Security Advisory DSA-1515-1                  security at debian.org
> http://www.debian.org/security/                           Florian Weimer
> March 11, 2008                        http://www.debian.org/security/faq
> 
> Package        : libnet-dns-perl
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)      : CVE-2007-3377 CVE-2007-3409 CVE-2007-6341
> Debian Bug     : 457445

libnet-dns-perl auf h01, h02, h03, h04, h51, h52, cupa, cree und wasco
aktualisiert.

> For the stable distribution (etch), these problems have been fixed in
> version 0.59-1etch1.

changelog:
libnet-dns-perl (0.59-1etch1) stable-security; urgency=high

  * Malformed A records could lead to a Perl exception and program crash
    (CVE-2007-6341).  Closes: #457445.
  * A very weak random number generator was used for transaction IDs
    (CVE-2007-3377).
    Perl's rand() is used in the patch against this vulnerability--it is
    initialized from /dev/urandom, but the underlying LCG has only got 48
    bits of state, so at the very least, a brute-force attack is still
    possible if an attacker has got three subsequently generated
    transaction IDs.
  * The Perl implementation of dn_expand could recurse infinitely
    (CVE-2007-3409).  (On Debian systems, the C version is typically
    used.)

 -- Florian Weimer <fw at deneb.enyo.de>  Fri, 07 Mar 2008 22:17:33 +0100

> For the old stable distribution (sarge), these problems have been fixed in
> version 0.48-1sarge1.

changelog:
libnet-dns-perl (0.48-1sarge1) oldstable-security; urgency=high

  * Malformed A records could lead to a Perl exception and program crash
    (CVE-2007-6341).  Closes: #457445.
  * A very weak random number generator was used for transaction IDs
    (CVE-2007-3377).
    Perl's rand() is used in the patch against this vulnerability--it is
    initialized from /dev/urandom, but the underlying LCG has only got 48
    bits of state, so at the very least, a brute-force attack is still
    possible if an attacker has got three subsequently generated
    transaction IDs.
  * The Perl implementation of dn_expand could recurse infinitely
    (CVE-2007-3409).  (On Debian systems, the C version is typically
    used.)

 -- Florian Weimer <fw at deneb.enyo.de>  Fri, 07 Mar 2008 23:03:36 +0100

-- 
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : /archiv/technik/attachments/20080317/b1d9d901/attachment.pgp

More information about the Technik mailing list