Debian Linux Security Advisory 1968-1

Debian Linux Security Advisory 1968-1: Posted Jan 9, 2010; Authored by Debian | Site debian.org; Debian Linux Security Advisory 1968-1 - It was discovered that pdns-recursor, the PowerDNS recursive name server, contains several vulnerabilities:; tags | advisory, vulnerability; systems | linux, debian; advisories | CVE-2009-4009, CVE-2009-4010; SHA-256 | 85d14261cdc79228793e37ee79b1af4e21838f5e1fbfe5c1e4ac367700ef6b0b; Download | Favorite | View

Debian Linux Security Advisory 1968-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1968-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
January 08, 2010                      http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : pdns-recursor
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-4009 CVE-2009-4010

It was discovered that pdns-recursor, the PowerDNS recursive name
server, contains several vulnerabilities:

A buffer overflow can be exploited to crash the daemon, or potentially
execute arbitrary code (CVE-2009-4009).

A cache poisoning vulnerability may allow attackers to trick the
server into serving incorrect DNS data (CVE-2009-4010).

For the old stable distribution (etch), fixed packages will be
provided soon.

For the stable distribution (lenny), these problems have been fixed in
version 3.1.7-1+lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 3.1.7.2-1.

We recommend that you upgrade your pdns-recursor package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7.orig.tar.gz
    Size/MD5 checksum:   211760 38c58fef666685d6756da97baf9b4d51
  http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1.dsc
    Size/MD5 checksum:     1654 fff9beb43eec355ca42d93d53c1ce299
  http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1.diff.gz
    Size/MD5 checksum:    14769 8794fecd11f1b014592e2a36d40aaaf6

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_alpha.deb
    Size/MD5 checksum:   545726 dc05fab76c0fcb051b9a428cfa126061

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_amd64.deb
    Size/MD5 checksum:   440822 365fc4da2fd1770f8e62f1a3a0046231

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_i386.deb
    Size/MD5 checksum:   440686 ac26d27658892619ce539921796bce67

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_ia64.deb
    Size/MD5 checksum:   631308 f80c2d28ee6d9ebdbf6cad177c8fbddd

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_powerpc.deb
    Size/MD5 checksum:   463434 f0bba833d4231bb2237433373e888a12

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/pdns-recursor/pdns-recursor_3.1.7-1+lenny1_s390.deb
    Size/MD5 checksum:   428138 994a5190fa0f73b49252bee0a695fb4d


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJLR6jtAAoJEL97/wQC1SS+RxkH/0esg7lQO3qDCRJw32DPNjI0
zlHI6Z6jvWyhYnitqfrzuXdgU18Nq5txdLvJlllQOtxVOnwXAaVOSHCELc0c4i2D
DC0JLWGm43n6RBxEteJsx83xN5yucVg4c7KvSjDM2lHkcOnXL+Z6Qz93pFgoL9wF
x6uBdBBV3+YqrvHvl8hV0fHQPyMYvE6x2sJ5eBm6bluXCPgNYviFtiCTx1HUUTBn
csGvkDSX81vFe07AKWr41ZiC0p5vesyJC4V6ljB2l9UWPLGT1pKZSuByfdNYMgvV
guGTqguJzcjaoQ8Cn619Rmqn513N8itRyIqb8gI9E+YmcizBIdLHDi4JSsD/ikA=
=XCaJ
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 253 files
Ubuntu 83 files
Gentoo 29 files
indoushka 26 files
Debian 10 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
Google Security Research 2 files
S. Dietz 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

Debian Linux Security Advisory 1968-1

Debian Linux Security Advisory 1968-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Linux Security Advisory 1968-1

Share This

Debian Linux Security Advisory 1968-1

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems