USN-594-1: libnet-dns-perl vulnerability
Posted on: 03/26/2008 11:35 PM

A new libnet-dns-perl vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-594-1 March 26, 2008
libnet-dns-perl vulnerability
CVE-2007-6341
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libnet-dns-perl 0.53-2ubuntu1.1

Ubuntu 6.10:
libnet-dns-perl 0.57-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Net: :DNS did not correctly validate the size
of DNS replies. A remote attacker could send a specially crafted DNS
response and cause applications using Net: :DNS to abort, leading to a
denial of service.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.53-2ubuntu1.1.diff.gz
Size/MD5: 7499 fe4560bfbbb777dbbbee424434cc9c6d
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.53-2ubuntu1.1.dsc
Size/MD5: 631 0ca3de3311a0b58937007bbd368af1e8
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.53.orig.tar.gz
Size/MD5: 119705 404797359373d4df1a025458ab1415f7

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.53-2ubuntu1.1_amd64.deb
Size/MD5: 232824 8f4dcf603986c1e8da2e783b303b038c

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.53-2ubuntu1.1_i386.deb
Size/MD5: 232530 b9224ad2f4adfb556f2543897c12993e

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.53-2ubuntu1.1_powerpc.deb
Size/MD5: 234400 c25cb13ab7e4d5ac37fa41c5f54888c0

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.53-2ubuntu1.1_sparc.deb
Size/MD5: 232654 30ceef5c3308959dee0b235426a3003d

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.57-1ubuntu1.1.diff.gz
Size/MD5: 7490 8e887005c738b65919afdbbf5b7c3a07
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.57-1ubuntu1.1.dsc
Size/MD5: 631 de5fda4c9524a1482cdd555bb39b3897
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.57.orig.tar.gz
Size/MD5: 131596 9511a7052e553f2a29a5bae32c20bc44

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.57-1ubuntu1.1_amd64.deb
Size/MD5: 246344 4f215d062b4c6c7fe11bf2a021e33936

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.57-1ubuntu1.1_i386.deb
Size/MD5: 246264 89f0a8a441aec2b8b751f5f41ccdd9a4

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.57-1ubuntu1.1_powerpc.deb
Size/MD5: 247938 784827f2594fc6b31f4c9aa41544ee77

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet=
-dns-perl_0.57-1ubuntu1.1_sparc.deb
Size/MD5: 246174 3827f2c4e876f2a3aec8501e36a60bc3


--XF85m9dhOBO43t/C
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH6spIH/9LqRcGPm0RAqh5AJkB8JrZ/bDBnfqa72RTtwhHitHwkACeLx76
X+r6H7odzgQTTnjBQs241jM=
=b/Ug
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_594_1_libnet_dns_perl_vulnerability.html)