SciLinux: Moderate Advisory for perl-Net-DNS CVE-2007-3377 DoS Risk

Date: Thu, 12 Jul 2007 18:08:19 -0500
Reply-To: Connie Sieh 
Sender: Security Errata for Scientific Linux
 
From: Connie Sieh 
Subject: Security ERRATA for perl-Net-DNS on SL3.0.x, SL4.x,
 SL5.x i386/x86_64
Comments: To: scientific 

Synopsis: Moderate: perl-Net-DNS security update
CVE Names: CVE-2007-3377 CVE-2007-3409

Description:
A flaw was found in the way Net::DNS generated the ID field in a DNS
query.
This predictable ID field could be used by a remote attacker to return
invalid DNS data. (CVE-2007-3377)

A denial of service flaw was found in the way Net::DNS parsed certain DNS
requests. A malformed response to a DNS request could cause the
application
using Net::DNS to crash or stop responding. (CVE-2007-3409)

SL 3.0.x

 SRPMS:
 	perl-Net-DNS-0.31-4.el3.src.rpm

 i386:
 	perl-Net-DNS-0.31-4.el3.noarch.rpm

 x86_64:
 	perl-Net-DNS-0.31-4.el3.noarch.rpm

SL 4.x

 SRPMS:
 	perl-Net-DNS-0.48-2.el4.src.rpm

 i386:
 	perl-Net-DNS-0.48-2.el4.i386.rpm

 x86_64:
 	perl-Net-DNS-0.48-2.el4.x86_64.rpm

SL 5.x

 SRPMS:
 	perl-Net-DNS-0.59-3.el5.src.rpm

 i386:
 	perl-Net-DNS-0.59-3.el5.i386.rpm

 x86_64:
 	perl-Net-DNS-0.59-3.el5.x86_64.rpm

-Connie Sieh