Advisories

Mandriva Advisories

Package name	perl-Net-DNS
Date	July 12th, 2007
Advisory ID	MDKSA-2007:146
Affected versions	CS3.0, 2007.0, CS4.0, 2007.1
Synopsis	Updated perl-Net-DNS packages fix multiple vulnerabilities

Problem Description

A flaw was discovered in the perl Net::DNS module in the way it
generated the ID field in a DNS query. Because it is so predictable,
a remote attacker could exploit this to return invalid DNS data
(CVE-2007-3377).

A denial of service vulnerability was found in how Net::DNS parsed
certain DNS requests. A malformed response to a DNS request could
cause the application using Net::DNS to crash or stop responding
(CVE-2007-3409).

The updated packages have been patched to prevent these issues.

Updated Packages

Corporate Server 3.0

 338edc98b82b661a4245c8dfdea463fa  corporate/3.0/i586/perl-Net-DNS-0.39-2.1.C30mdk.i586.rpm 
 eeeb5c182365d9726f36326892065015  corporate/3.0/SRPMS/perl-Net-DNS-0.39-2.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 e47654bec20760643ce0e4d7b78ab394  corporate/3.0/x86_64/perl-Net-DNS-0.39-2.1.C30mdk.x86_64.rpm 
 eeeb5c182365d9726f36326892065015  corporate/3.0/SRPMS/perl-Net-DNS-0.39-2.1.C30mdk.src.rpm

Mandriva Linux 2007

 92d215a4965bb8d944c030cf1dd73a11  2007.0/i586/perl-Net-DNS-0.58-1.1mdv2007.0.i586.rpm 
 06c1dd9d596004e261a9706060a4c167  2007.0/SRPMS/perl-Net-DNS-0.58-1.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 34bc7cfb39bd239dea991559a05f66b7  2007.0/x86_64/perl-Net-DNS-0.58-1.1mdv2007.0.x86_64.rpm 
 06c1dd9d596004e261a9706060a4c167  2007.0/SRPMS/perl-Net-DNS-0.58-1.1mdv2007.0.src.rpm

Corporate Server 4.0

 51e6714b343575136bf296a495c32de3  corporate/4.0/i586/perl-Net-DNS-0.52-1.1.20060mlcs4.i586.rpm 
 862ceacd8ba656dee551039d5074dd46  corporate/4.0/SRPMS/perl-Net-DNS-0.52-1.1.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 99cb67c8f400c7f826ce63702e863508  corporate/4.0/x86_64/perl-Net-DNS-0.52-1.1.20060mlcs4.x86_64.rpm 
 862ceacd8ba656dee551039d5074dd46  corporate/4.0/SRPMS/perl-Net-DNS-0.52-1.1.20060mlcs4.src.rpm

Mandriva Linux 2007.1

 cd6db816556ae5f3c172dafb5ee98002  2007.1/i586/perl-Net-DNS-0.59-1.1mdv2007.1.i586.rpm 
 dc954016fe3924ab2a362285cd780636  2007.1/SRPMS/perl-Net-DNS-0.59-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 d9cbd72d34d8eab851473716740290f3  2007.1/x86_64/perl-Net-DNS-0.59-1.1mdv2007.1.x86_64.rpm 
 dc954016fe3924ab2a362285cd780636  2007.1/SRPMS/perl-Net-DNS-0.59-1.1mdv2007.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3409

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer