=========================================================== Ubuntu Security Notice USN-594-1 March 26, 2008 libnet-dns-perl vulnerability CVE-2007-6341 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libnet-dns-perl 0.53-2ubuntu1.1 Ubuntu 6.10: libnet-dns-perl 0.57-1ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Net::DNS did not correctly validate the size of DNS replies. A remote attacker could send a specially crafted DNS response and cause applications using Net::DNS to abort, leading to a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1.diff.gz Size/MD5: 7499 fe4560bfbbb777dbbbee424434cc9c6d http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1.dsc Size/MD5: 631 0ca3de3311a0b58937007bbd368af1e8 http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53.orig.tar.gz Size/MD5: 119705 404797359373d4df1a025458ab1415f7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_amd64.deb Size/MD5: 232824 8f4dcf603986c1e8da2e783b303b038c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_i386.deb Size/MD5: 232530 b9224ad2f4adfb556f2543897c12993e powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_powerpc.deb Size/MD5: 234400 c25cb13ab7e4d5ac37fa41c5f54888c0 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_sparc.deb Size/MD5: 232654 30ceef5c3308959dee0b235426a3003d Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1.diff.gz Size/MD5: 7490 8e887005c738b65919afdbbf5b7c3a07 http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1.dsc Size/MD5: 631 de5fda4c9524a1482cdd555bb39b3897 http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57.orig.tar.gz Size/MD5: 131596 9511a7052e553f2a29a5bae32c20bc44 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_amd64.deb Size/MD5: 246344 4f215d062b4c6c7fe11bf2a021e33936 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_i386.deb Size/MD5: 246264 89f0a8a441aec2b8b751f5f41ccdd9a4 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_powerpc.deb Size/MD5: 247938 784827f2594fc6b31f4c9aa41544ee77 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_sparc.deb Size/MD5: 246174 3827f2c4e876f2a3aec8501e36a60bc3