Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2008.0784 -- [Win][UNIX/Linux]
New PowerDNS packages reduce DNS spoofing risk
11 August 2008
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: PowerDNS
Publisher: Debian
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact: Provide Misleading Information
Access: Remote/Unauthenticated
CVE Names: CVE-2008-3337
Original Bulletin: http://www.debian.org/security/2008/dsa-1627
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running PowerDNS check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1628-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
August 10, 2008 http://www.debian.org/security/faq
- - ------------------------------------------------------------------------
Package : pdns
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-3337
Brian Dowling discovered that the PowerDNS authoritative name server
does not respond to DNS queries which contain certain characters,
increasing the risk of successful DNS spoofing (CVE-2008-3337). This
update changes PowerDNS to respond with SERVFAIL responses instead.
For the stable distribution (etch), this problem has been fixed in version
2.9.20-8+etch1.
For the unstable distribution (sid), this problem has been fixed in
version 2.9.21.1-1.
We recommend that you upgrade your pdns package.
Upgrade instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- - -------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1.dsc
Size/MD5 checksum: 1137 0a41ec265f82fce6d439919cdae6001a
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1.diff.gz
Size/MD5 checksum: 51420 bb972467332e6122cee9d363ca55ad2e
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20.orig.tar.gz
Size/MD5 checksum: 861879 66b3d3847f91e9ac3d13bdb8ddabfc7b
Architecture independent packages:
http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.20-8+etch1_all.deb
Size/MD5 checksum: 18402 ce1890128198b2924ec047c6fc4cd986
http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.20-8+etch1_all.deb
Size/MD5 checksum: 151286 ee2289703f9bc5a55ec2610309f638d8
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_alpha.deb
Size/MD5 checksum: 128498 662065c9d72d1ce6010322203c0de483
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_alpha.deb
Size/MD5 checksum: 101180 ed93c993121ef29ea27aec3e51ae780a
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_alpha.deb
Size/MD5 checksum: 270198 7ea2ed079ca10c956bf85ce86cc4b91f
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_alpha.deb
Size/MD5 checksum: 80612 66cdb0206efd5384a6c12059bed6a810
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_alpha.deb
Size/MD5 checksum: 89786 5b5b81b0b2b5a652047c8b5843f853a5
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_alpha.deb
Size/MD5 checksum: 85122 7b27de3ebd7f6b97b56aac71b724bf74
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_alpha.deb
Size/MD5 checksum: 809372 9de5122e1f69aafe84e9cfa5804223c5
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_amd64.deb
Size/MD5 checksum: 105322 1f82a2e47996af30eaf4cbb3790d8595
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_amd64.deb
Size/MD5 checksum: 72704 11d22cf7210db662e8667784f07aa5f3
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_amd64.deb
Size/MD5 checksum: 216888 8568e7c10fa743b1b94d84a5d65be8b4
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_amd64.deb
Size/MD5 checksum: 69118 297d560f7fc926151fb3e7e48840e279
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_amd64.deb
Size/MD5 checksum: 65954 4ce9ab913782ad2285e1a729f73bfb77
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_amd64.deb
Size/MD5 checksum: 81000 62ea289801afba9d82d57647a5b69a1e
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_amd64.deb
Size/MD5 checksum: 700178 466d9d5a83f8f54346bcfef8594482cb
arm architecture (ARM)
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_arm.deb
Size/MD5 checksum: 72396 1cdaa3e1e9b6f9c0fc4c0d6ebd4431cc
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_arm.deb
Size/MD5 checksum: 113774 f9e6a066829b4ab17cacb06da5115c97
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_arm.deb
Size/MD5 checksum: 79256 ae1f671e2546d03ee244ca08a6cd7739
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_arm.deb
Size/MD5 checksum: 245716 a914afcf74e95b26e87a2982ea339318
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_arm.deb
Size/MD5 checksum: 76732 ed38f9dea0d74cfac026951d532eb2dc
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_arm.deb
Size/MD5 checksum: 88456 5e573619f814e75190dfbd5d18684cbe
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_arm.deb
Size/MD5 checksum: 834670 4f9ff6e1b22d5ebe6a2cee9cfab9f333
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_hppa.deb
Size/MD5 checksum: 89188 c7d85f3d66651f9b27b10ccc26bc56c4
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_hppa.deb
Size/MD5 checksum: 779220 b1ce1b8f19c577b0ee4f2a1ee08237e7
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_hppa.deb
Size/MD5 checksum: 71462 8a979586b26e57bcb275eaa418e82984
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_hppa.deb
Size/MD5 checksum: 74914 c8b1db6a6eb2a04ea29ec760e4ee8e9d
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_hppa.deb
Size/MD5 checksum: 116772 5fc7175897c29277345d6f17a2163976
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_hppa.deb
Size/MD5 checksum: 78590 c6f85e199a17cb460e0c68c89b0bd964
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_hppa.deb
Size/MD5 checksum: 241084 fe36e0a467697245f7a7311da13525aa
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_i386.deb
Size/MD5 checksum: 708666 36483e99ba35b15425455a4a89dafe08
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_i386.deb
Size/MD5 checksum: 70008 10aecf8368afb6c194e1a1820655d3fd
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_i386.deb
Size/MD5 checksum: 66474 18efd44bd3b34fbc402f4d0226e82f3b
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_i386.deb
Size/MD5 checksum: 217716 0c9b86c448fe9842e93048dc4fcbbd1c
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_i386.deb
Size/MD5 checksum: 63686 f849a4d00ed60c49955a408ca6881fae
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_i386.deb
Size/MD5 checksum: 78932 3d9391be91d78616516bf7634ee97a18
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_i386.deb
Size/MD5 checksum: 105212 1ae9f44fef55b966568e29c057f6f87f
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_ia64.deb
Size/MD5 checksum: 77244 4d91e45c77bb38a41982e93e2479757d
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_ia64.deb
Size/MD5 checksum: 282342 57d8d9dcd767e37894d0f9f894e386e6
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_ia64.deb
Size/MD5 checksum: 130856 f13b6a20419dbafda9cd00905149170c
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_ia64.deb
Size/MD5 checksum: 80256 eca0173e0776cfa51be3fe35275e336d
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_ia64.deb
Size/MD5 checksum: 97948 58ad77f6e4a87bc86d84851836f91fca
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_ia64.deb
Size/MD5 checksum: 941082 99eeed221822d5882679c7775049b16d
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_ia64.deb
Size/MD5 checksum: 84298 66a4d00b34bd8cfe0b1226a626c7e03c
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_mips.deb
Size/MD5 checksum: 63060 39a187d32f4b7211d250d3620a01cc24
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_mips.deb
Size/MD5 checksum: 70350 dee7156441aa0be6eaef652585ed5a1b
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_mips.deb
Size/MD5 checksum: 105298 a26d7f802d8c1fd4482558d0a6e6aa3e
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_mips.deb
Size/MD5 checksum: 81156 e8c0118b7d0863f9e83ba4ec83b30019
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_mips.deb
Size/MD5 checksum: 670300 c65ec14b44e58d5d423b1c3fb974b4ce
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_mips.deb
Size/MD5 checksum: 214280 20b6cc51c4f38ccaf8daf5c93b7e8886
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_mips.deb
Size/MD5 checksum: 67088 ce286fc954825fea3d3765d492eea148
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_mipsel.deb
Size/MD5 checksum: 63340 bd900083144b99155d9720a289fdd33f
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_mipsel.deb
Size/MD5 checksum: 213322 ea511d369d33b503b65af378eb267521
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_mipsel.deb
Size/MD5 checksum: 104804 6220725bf558c49f92503e5c676b736a
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_mipsel.deb
Size/MD5 checksum: 70124 9f3ac750de78a447d510c2ac213f8f20
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_mipsel.deb
Size/MD5 checksum: 81728 fd31e9f80040f6b1803d16f6e9ad78cf
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_mipsel.deb
Size/MD5 checksum: 669432 cb6421c4f2c14c0ed2bb8a5998d60fa8
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_mipsel.deb
Size/MD5 checksum: 67048 a1f9256339678471b87cb01657e1b70b
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_powerpc.deb
Size/MD5 checksum: 716276 4df7f6ea44a8d5fab0fb2bdc20752a5b
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_powerpc.deb
Size/MD5 checksum: 70326 06c5c32d97c0eac47107aa00dd9008f5
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_powerpc.deb
Size/MD5 checksum: 73730 6c98ac116ea64aa66e8a617a256781cd
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_powerpc.deb
Size/MD5 checksum: 66526 ada8622d9a53d4dfd89972e99da8c1a0
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_powerpc.deb
Size/MD5 checksum: 82142 255449adb0cf54fa443ee90b266102e3
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_powerpc.deb
Size/MD5 checksum: 222544 2cba08f9232e4c68801b7440a74b2932
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_powerpc.deb
Size/MD5 checksum: 109028 c1fe83f0c527d1a9c8998d6d63ba71d0
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_s390.deb
Size/MD5 checksum: 61466 6f8bf4d3a4888c2c805c2d1649e5f8e1
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_s390.deb
Size/MD5 checksum: 64120 747dcdd246cb9216c38d0f60d9d83970
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_s390.deb
Size/MD5 checksum: 78374 a7d74b952126768d8ee6b6a4af3ff176
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_s390.deb
Size/MD5 checksum: 647764 b324252630cb5e9331a8da4d13029ab7
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_s390.deb
Size/MD5 checksum: 66934 af0d5492cd4ec5b0313ac93093fad6da
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_s390.deb
Size/MD5 checksum: 104342 2294cc657d9d41e07a2bd50ad679a931
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_s390.deb
Size/MD5 checksum: 206680 752595cd21b17313ac4e89260afa2125
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.20-8+etch1_sparc.deb
Size/MD5 checksum: 66600 2c9b1c9106d7d4e20c9c070938180b15
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.20-8+etch1_sparc.deb
Size/MD5 checksum: 102604 497b5950616a7ae22c27a41de5afce2d
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.20-8+etch1_sparc.deb
Size/MD5 checksum: 213970 db7bfb0af8508c12a313932b56089245
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.20-8+etch1_sparc.deb
Size/MD5 checksum: 78018 4f564a99232539283d1c22defd36d572
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.20-8+etch1_sparc.deb
Size/MD5 checksum: 69886 8294d5780a4e1fe0584354b05307ce0b
http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.20-8+etch1_sparc.deb
Size/MD5 checksum: 718572 b1edc3a9ff76c2aade1c4b3ac4312317
http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.20-8+etch1_sparc.deb
Size/MD5 checksum: 63458 b5f2890c751479e3b6aa62f5782e92a1
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJIn1CqAAoJEL97/wQC1SS+5kIH/2y6oD7sD4cWALAzHJQLlz+B
ytzW2l66FQ2i5yFTeS1n9J5nmF25BPQll0L96M1W7L7hPPYa/Os4dwWTnrgI38co
Z1YbeL52elkfXVRjA2/lmJrMcKDRB8y0I9NVfdn7YtVoqfvuvWjMDkRQL59CQn0y
DPn4Rf52lQcT7IoxaUJ1Kyxc3QADW7GGJ3zlKLb7ddwZoUyEMsHdal0+w+UEWzM6
iZ5aWrMeboh2KAoTQ+AAh7b2Z75S7bqL2U5AjL3lTGezuAuTai1iQ1H2WlYabR1P
Dw2nnPS81bTQ2sV2gAmECMFtF7wVVQnBCRsjVBkcxV/4sVZ73vTulM+ZtJqURz4=
=XSxZ
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSJ9+XSh9+71yA2DNAQKB3QP+KFeWdLHIbKrMHhNuc8Ta+Vm+HGats1VA
FEy1QkwCzJoVMeryWjv3+1u8CQkxDPPL1eXgj//8O8GhNX+f2LgbyS5BXBPbNSXh
E/b0P5wyK6CIGHpDSBPuhBxBgzxM6bbMbdSpQQAHxpV3wXc1sLEIeAHpLkp5PRdJ
EboW7F7A570=
=XJy9
-----END PGP SIGNATURE-----