lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080326221224.GI19435@outflux.net>
Date: Wed, 26 Mar 2008 15:12:24 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-594-1] libnet-dns-perl vulnerability

=========================================================== 
Ubuntu Security Notice USN-594-1             March 26, 2008
libnet-dns-perl vulnerability
CVE-2007-6341
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libnet-dns-perl                 0.53-2ubuntu1.1

Ubuntu 6.10:
  libnet-dns-perl                 0.57-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Net::DNS did not correctly validate the size
of DNS replies.  A remote attacker could send a specially crafted DNS
response and cause applications using Net::DNS to abort, leading to a
denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1.diff.gz
      Size/MD5:     7499 fe4560bfbbb777dbbbee424434cc9c6d
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1.dsc
      Size/MD5:      631 0ca3de3311a0b58937007bbd368af1e8
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53.orig.tar.gz
      Size/MD5:   119705 404797359373d4df1a025458ab1415f7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_amd64.deb
      Size/MD5:   232824 8f4dcf603986c1e8da2e783b303b038c

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_i386.deb
      Size/MD5:   232530 b9224ad2f4adfb556f2543897c12993e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_powerpc.deb
      Size/MD5:   234400 c25cb13ab7e4d5ac37fa41c5f54888c0

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_sparc.deb
      Size/MD5:   232654 30ceef5c3308959dee0b235426a3003d

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1.diff.gz
      Size/MD5:     7490 8e887005c738b65919afdbbf5b7c3a07
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1.dsc
      Size/MD5:      631 de5fda4c9524a1482cdd555bb39b3897
    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57.orig.tar.gz
      Size/MD5:   131596 9511a7052e553f2a29a5bae32c20bc44

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_amd64.deb
      Size/MD5:   246344 4f215d062b4c6c7fe11bf2a021e33936

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_i386.deb
      Size/MD5:   246264 89f0a8a441aec2b8b751f5f41ccdd9a4

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_powerpc.deb
      Size/MD5:   247938 784827f2594fc6b31f4c9aa41544ee77

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_sparc.deb
      Size/MD5:   246174 3827f2c4e876f2a3aec8501e36a60bc3


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ