------------------------------------------------------------------------
Debian Security Advisory DSA-1831-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
July 13, 2009                         http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : djbdns
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-0858
Debian Bug     : 518169

Matthew Dempsky discovered that Daniel J. Bernstein's djbdns, a Domain
Name System server, does not constrain offsets in the required manner,
which allows remote attackers with control over a third-party subdomain
served by tinydns and axfrdns, to trigger DNS responses containing
arbitrary records via crafted zone data for this subdomain.

The old stable distribution (etch) does not contain djbdns.

For the stable distribution (lenny), this problem has been fixed in
version 1.05-4+lenny1.

For the unstable distribution (sid), this problem has been fixed in
version 1.05-5.

We recommend that you upgrade your djbdns package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
--------------------------------

These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>