[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080326221224.GI19435@outflux.net>
Date: Wed, 26 Mar 2008 15:12:24 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-594-1] libnet-dns-perl vulnerability
===========================================================
Ubuntu Security Notice USN-594-1 March 26, 2008
libnet-dns-perl vulnerability
CVE-2007-6341
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libnet-dns-perl 0.53-2ubuntu1.1
Ubuntu 6.10:
libnet-dns-perl 0.57-1ubuntu1.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that Net::DNS did not correctly validate the size
of DNS replies. A remote attacker could send a specially crafted DNS
response and cause applications using Net::DNS to abort, leading to a
denial of service.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1.diff.gz
Size/MD5: 7499 fe4560bfbbb777dbbbee424434cc9c6d
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1.dsc
Size/MD5: 631 0ca3de3311a0b58937007bbd368af1e8
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53.orig.tar.gz
Size/MD5: 119705 404797359373d4df1a025458ab1415f7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_amd64.deb
Size/MD5: 232824 8f4dcf603986c1e8da2e783b303b038c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_i386.deb
Size/MD5: 232530 b9224ad2f4adfb556f2543897c12993e
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_powerpc.deb
Size/MD5: 234400 c25cb13ab7e4d5ac37fa41c5f54888c0
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_sparc.deb
Size/MD5: 232654 30ceef5c3308959dee0b235426a3003d
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1.diff.gz
Size/MD5: 7490 8e887005c738b65919afdbbf5b7c3a07
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1.dsc
Size/MD5: 631 de5fda4c9524a1482cdd555bb39b3897
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57.orig.tar.gz
Size/MD5: 131596 9511a7052e553f2a29a5bae32c20bc44
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_amd64.deb
Size/MD5: 246344 4f215d062b4c6c7fe11bf2a021e33936
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_i386.deb
Size/MD5: 246264 89f0a8a441aec2b8b751f5f41ccdd9a4
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_powerpc.deb
Size/MD5: 247938 784827f2594fc6b31f4c9aa41544ee77
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_sparc.deb
Size/MD5: 246174 3827f2c4e876f2a3aec8501e36a60bc3
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists