Ubuntu Security Notice USN-483-1
13th July, 2007
libnet-dns-perl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.10
- Ubuntu 6.06 LTS
Details
Peter Johannes Holzer discovered that the Net::DNS Perl module had
predictable sequence numbers. This could allow remote attackers to
carry out DNS spoofing, leading to possible man-in-the-middle attacks.
(CVE-2007-3377)
Steffen Ullrich discovered that the Net::DNS Perl module did not correctly
detect recursive compressed responses. A remote attacker could send a
specially crafted packet, causing applications using Net::DNS to crash or
monopolize CPU resources, leading to a denial of service. (CVE-2007-3409)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.10:
- libnet-dns-perl 0.57-1ubuntu1
- Ubuntu 6.06 LTS:
- libnet-dns-perl 0.53-2ubuntu1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.