You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2008/03/27 16:15:55 UTC
Net::DNS .060 allows remote attackers to cause DOS
From:
http://search.cpan.org/src/OLAF/Net-DNS-0.63/Changes
Fix rt.cpan.org #30316 Security issue with Net::DNS Resolver.
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654 allows remote attackers to
cause a denial of service (program "croak") via a crafted DNS
response (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6341). Packet
parsing routines are now enclosed in eval blocks to trap exception
and avoid premature termination of user program.
Fix: Update to 0.63.
Note: to Freebsd Ports SpamAssassin users: A minor update to SA will
include dependency on 0.63. pt-Net-DNS was updated on ports tree 10
days ago:
http://www.freebsd.org/cgi/query-pr.cgi?pr=120702
An official update to SA ports version 3.4.2_3 will be send to ports
shortly.
--
Michael Scheidell, CTO
Main: 561-999-5000, Office: 561-939-7259
> *| *SECNAP Network Security Corporation
Winner 2008 Technosium hot company award.
www.technosium.com/hotcompanies/ <http://www.technosium.com/hotcompanies/>
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(tm).
For Information please see http://www.spammertrap.com
_________________________________________________________________________
RE: :DNS .060 allows remote attackers to cause DOS
Posted by Robert - elists <li...@abbacomm.net>.
From:
http://search.cpan.org/src/OLAF/Net-DNS-0.63/Changes
Fix rt.cpan.org #30316 Security issue with Net::DNS Resolver.
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654 allows remote attackers to
cause a denial of service (program "croak") via a crafted DNS
response (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6341). Packet
parsing routines are now enclosed in eval blocks to trap exception
and avoid premature termination of user program.
Fix: Update to 0.63.
Note: to Freebsd Ports SpamAssassin users: A minor update to SA will include
dependency on 0.63. pt-Net-DNS was updated on ports tree 10 days ago:
http://www.freebsd.org/cgi/query-pr.cgi?pr=120702
An official update to SA ports version 3.4.2_3 will be send to ports shortly
Hmmmmm.
Is the post above from Scheidell a BSD *port* update only related issue
posting ???
There have been 3 updates to perl-Net-DNS in the last 8 months since .60
We have been using .63 since about Feb 21 2008
- rh
Re: Net::DNS .060 allows remote attackers to cause DOS
Posted by mouss <mo...@netoyen.net>.
Michael Scheidell wrote:
> From:
> http://search.cpan.org/src/OLAF/Net-DNS-0.63/Changes
>
> Fix rt.cpan.org #30316 Security issue with Net::DNS Resolver.
>
> Net/DNS/RR/A.pm in Net::DNS 0.60 build 654 allows remote attackers
> to cause a denial of service (program "croak") via a crafted DNS
> response (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6341). Packet
> parsing routines are now enclosed in eval blocks to trap exception
> and avoid premature termination of user program.
>
> Fix: Update to 0.63.
>
> Note: to Freebsd Ports SpamAssassin users: A minor update to SA will
> include dependency on 0.63. pt-Net-DNS was updated on ports tree 10
> days ago:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=120702
>
> An official update to SA ports version 3.4.2_3 will be send to ports
> shortly.
you mean 3.4.2_3 I guess.
PS. shouldn't the audit db be updated?