[SECURITY] [DSA 1627-1] New PowerDNS packages reduce DNS spoofing risk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1628-1                  security@xxxxxxxxxx
http://www.debian.org/security/                           Florian Weimer
August 10, 2008                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : pdns
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2008-3337

Brian Dowling discovered that the PowerDNS authoritative name server
does not respond to DNS queries which contain certain characters,
increasing the risk of successful DNS spoofing (CVE-2008-3337).  This
update changes PowerDNS to respond with SERVFAIL responses instead.

For the stable distribution (etch), this problem has been fixed in version 
2.9.20-8+etch1.

For the unstable distribution (sid), this problem has been fixed in
version 2.9.21.1-1.

We recommend that you upgrade your pdns package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1.dsc
    Size/MD5 checksum:     1137 0a41ec265f82fce6d439919cdae6001a
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1.diff.gz
    Size/MD5 checksum:    51420 bb972467332e6122cee9d363ca55ad2e
  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20.orig.tar.gz
    Size/MD5 checksum:   861879 66b3d3847f91e9ac3d13bdb8ddabfc7b

Architecture independent packages:

  http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
    Size/MD5 checksum:    18402 ce1890128198b2924ec047c6fc4cd986
  http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
    Size/MD5 checksum:   151286 ee2289703f9bc5a55ec2610309f638d8

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_alpha.deb
    Size/MD5 checksum:   128498 662065c9d72d1ce6010322203c0de483
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_alpha.deb
    Size/MD5 checksum:   101180 ed93c993121ef29ea27aec3e51ae780a
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_alpha.deb
    Size/MD5 checksum:   270198 7ea2ed079ca10c956bf85ce86cc4b91f
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_alpha.deb
    Size/MD5 checksum:    80612 66cdb0206efd5384a6c12059bed6a810
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_alpha.deb
    Size/MD5 checksum:    89786 5b5b81b0b2b5a652047c8b5843f853a5
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_alpha.deb
    Size/MD5 checksum:    85122 7b27de3ebd7f6b97b56aac71b724bf74
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_alpha.deb
    Size/MD5 checksum:   809372 9de5122e1f69aafe84e9cfa5804223c5

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_amd64.deb
    Size/MD5 checksum:   105322 1f82a2e47996af30eaf4cbb3790d8595
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_amd64.deb
    Size/MD5 checksum:    72704 11d22cf7210db662e8667784f07aa5f3
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_amd64.deb
    Size/MD5 checksum:   216888 8568e7c10fa743b1b94d84a5d65be8b4
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_amd64.deb
    Size/MD5 checksum:    69118 297d560f7fc926151fb3e7e48840e279
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_amd64.deb
    Size/MD5 checksum:    65954 4ce9ab913782ad2285e1a729f73bfb77
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_amd64.deb
    Size/MD5 checksum:    81000 62ea289801afba9d82d57647a5b69a1e
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_amd64.deb
    Size/MD5 checksum:   700178 466d9d5a83f8f54346bcfef8594482cb

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_arm.deb
    Size/MD5 checksum:    72396 1cdaa3e1e9b6f9c0fc4c0d6ebd4431cc
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_arm.deb
    Size/MD5 checksum:   113774 f9e6a066829b4ab17cacb06da5115c97
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_arm.deb
    Size/MD5 checksum:    79256 ae1f671e2546d03ee244ca08a6cd7739
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_arm.deb
    Size/MD5 checksum:   245716 a914afcf74e95b26e87a2982ea339318
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_arm.deb
    Size/MD5 checksum:    76732 ed38f9dea0d74cfac026951d532eb2dc
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_arm.deb
    Size/MD5 checksum:    88456 5e573619f814e75190dfbd5d18684cbe
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_arm.deb
    Size/MD5 checksum:   834670 4f9ff6e1b22d5ebe6a2cee9cfab9f333

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_hppa.deb
    Size/MD5 checksum:    89188 c7d85f3d66651f9b27b10ccc26bc56c4
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_hppa.deb
    Size/MD5 checksum:   779220 b1ce1b8f19c577b0ee4f2a1ee08237e7
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_hppa.deb
    Size/MD5 checksum:    71462 8a979586b26e57bcb275eaa418e82984
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_hppa.deb
    Size/MD5 checksum:    74914 c8b1db6a6eb2a04ea29ec760e4ee8e9d
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_hppa.deb
    Size/MD5 checksum:   116772 5fc7175897c29277345d6f17a2163976
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_hppa.deb
    Size/MD5 checksum:    78590 c6f85e199a17cb460e0c68c89b0bd964
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_hppa.deb
    Size/MD5 checksum:   241084 fe36e0a467697245f7a7311da13525aa

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_i386.deb
    Size/MD5 checksum:   708666 36483e99ba35b15425455a4a89dafe08
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_i386.deb
    Size/MD5 checksum:    70008 10aecf8368afb6c194e1a1820655d3fd
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_i386.deb
    Size/MD5 checksum:    66474 18efd44bd3b34fbc402f4d0226e82f3b
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_i386.deb
    Size/MD5 checksum:   217716 0c9b86c448fe9842e93048dc4fcbbd1c
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_i386.deb
    Size/MD5 checksum:    63686 f849a4d00ed60c49955a408ca6881fae
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_i386.deb
    Size/MD5 checksum:    78932 3d9391be91d78616516bf7634ee97a18
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_i386.deb
    Size/MD5 checksum:   105212 1ae9f44fef55b966568e29c057f6f87f

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_ia64.deb
    Size/MD5 checksum:    77244 4d91e45c77bb38a41982e93e2479757d
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_ia64.deb
    Size/MD5 checksum:   282342 57d8d9dcd767e37894d0f9f894e386e6
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_ia64.deb
    Size/MD5 checksum:   130856 f13b6a20419dbafda9cd00905149170c
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_ia64.deb
    Size/MD5 checksum:    80256 eca0173e0776cfa51be3fe35275e336d
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_ia64.deb
    Size/MD5 checksum:    97948 58ad77f6e4a87bc86d84851836f91fca
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_ia64.deb
    Size/MD5 checksum:   941082 99eeed221822d5882679c7775049b16d
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_ia64.deb
    Size/MD5 checksum:    84298 66a4d00b34bd8cfe0b1226a626c7e03c

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_mips.deb
    Size/MD5 checksum:    63060 39a187d32f4b7211d250d3620a01cc24
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_mips.deb
    Size/MD5 checksum:    70350 dee7156441aa0be6eaef652585ed5a1b
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_mips.deb
    Size/MD5 checksum:   105298 a26d7f802d8c1fd4482558d0a6e6aa3e
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_mips.deb
    Size/MD5 checksum:    81156 e8c0118b7d0863f9e83ba4ec83b30019
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_mips.deb
    Size/MD5 checksum:   670300 c65ec14b44e58d5d423b1c3fb974b4ce
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_mips.deb
    Size/MD5 checksum:   214280 20b6cc51c4f38ccaf8daf5c93b7e8886
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_mips.deb
    Size/MD5 checksum:    67088 ce286fc954825fea3d3765d492eea148

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_mipsel.deb
    Size/MD5 checksum:    63340 bd900083144b99155d9720a289fdd33f
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_mipsel.deb
    Size/MD5 checksum:   213322 ea511d369d33b503b65af378eb267521
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_mipsel.deb
    Size/MD5 checksum:   104804 6220725bf558c49f92503e5c676b736a
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_mipsel.deb
    Size/MD5 checksum:    70124 9f3ac750de78a447d510c2ac213f8f20
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_mipsel.deb
    Size/MD5 checksum:    81728 fd31e9f80040f6b1803d16f6e9ad78cf
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_mipsel.deb
    Size/MD5 checksum:   669432 cb6421c4f2c14c0ed2bb8a5998d60fa8
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_mipsel.deb
    Size/MD5 checksum:    67048 a1f9256339678471b87cb01657e1b70b

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_powerpc.deb
    Size/MD5 checksum:   716276 4df7f6ea44a8d5fab0fb2bdc20752a5b
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_powerpc.deb
    Size/MD5 checksum:    70326 06c5c32d97c0eac47107aa00dd9008f5
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_powerpc.deb
    Size/MD5 checksum:    73730 6c98ac116ea64aa66e8a617a256781cd
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_powerpc.deb
    Size/MD5 checksum:    66526 ada8622d9a53d4dfd89972e99da8c1a0
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_powerpc.deb
    Size/MD5 checksum:    82142 255449adb0cf54fa443ee90b266102e3
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_powerpc.deb
    Size/MD5 checksum:   222544 2cba08f9232e4c68801b7440a74b2932
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_powerpc.deb
    Size/MD5 checksum:   109028 c1fe83f0c527d1a9c8998d6d63ba71d0

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_s390.deb
    Size/MD5 checksum:    61466 6f8bf4d3a4888c2c805c2d1649e5f8e1
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_s390.deb
    Size/MD5 checksum:    64120 747dcdd246cb9216c38d0f60d9d83970
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_s390.deb
    Size/MD5 checksum:    78374 a7d74b952126768d8ee6b6a4af3ff176
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_s390.deb
    Size/MD5 checksum:   647764 b324252630cb5e9331a8da4d13029ab7
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_s390.deb
    Size/MD5 checksum:    66934 af0d5492cd4ec5b0313ac93093fad6da
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_s390.deb
    Size/MD5 checksum:   104342 2294cc657d9d41e07a2bd50ad679a931
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_s390.deb
    Size/MD5 checksum:   206680 752595cd21b17313ac4e89260afa2125

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_sparc.deb
    Size/MD5 checksum:    66600 2c9b1c9106d7d4e20c9c070938180b15
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_sparc.deb
    Size/MD5 checksum:   102604 497b5950616a7ae22c27a41de5afce2d
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_sparc.deb
    Size/MD5 checksum:   213970 db7bfb0af8508c12a313932b56089245
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_sparc.deb
    Size/MD5 checksum:    78018 4f564a99232539283d1c22defd36d572
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_sparc.deb
    Size/MD5 checksum:    69886 8294d5780a4e1fe0584354b05307ce0b
  http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_sparc.deb
    Size/MD5 checksum:   718572 b1edc3a9ff76c2aade1c4b3ac4312317
  http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_sparc.deb
    Size/MD5 checksum:    63458 b5f2890c751479e3b6aa62f5782e92a1


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJIn1CqAAoJEL97/wQC1SS+5kIH/2y6oD7sD4cWALAzHJQLlz+B
ytzW2l66FQ2i5yFTeS1n9J5nmF25BPQll0L96M1W7L7hPPYa/Os4dwWTnrgI38co
Z1YbeL52elkfXVRjA2/lmJrMcKDRB8y0I9NVfdn7YtVoqfvuvWjMDkRQL59CQn0y
DPn4Rf52lQcT7IoxaUJ1Kyxc3QADW7GGJ3zlKLb7ddwZoUyEMsHdal0+w+UEWzM6
iZ5aWrMeboh2KAoTQ+AAh7b2Z75S7bqL2U5AjL3lTGezuAuTai1iQ1H2WlYabR1P
Dw2nnPS81bTQ2sV2gAmECMFtF7wVVQnBCRsjVBkcxV/4sVZ73vTulM+ZtJqURz4=
=XSxZ
-----END PGP SIGNATURE-----
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux