
Debian: New djbdns packages fix privilege escalation

Matthew Dempsky discovered that Daniel J. Bernstein’s djbdns, a Domain Name System server, does not constrain offsets in the required manner. This allows remote attackers who control a third-party subdomain served by tinydns and axfrdns to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain. Updated packages are available from security.debian.org.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1831-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
July 13, 2009                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : djbdns
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2009-0858
Debian Bug     : 518169

Matthew Dempsky discovered that Daniel J. Bernstein's djbdns, a Domain
Name System server, does not constrain offsets in the required manner.
This allows remote attackers who control a third-party subdomain served
by tinydns and axfrdns to trigger DNS responses containing arbitrary
records via crafted zone data for this subdomain.

The old stable distribution (etch) does not contain djbdns.

For the stable distribution (lenny), this problem has been fixed in
version 1.05-4+lenny1.

For the unstable distribution (sid), this problem has been fixed in
version 1.05-5.

We recommend that you upgrade your djbdns package.

Upgrade instructions
- --------------------

wget url
       will fetch the file for you
dpkg -i file.deb
       will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
       will update the internal database
apt-get upgrade
       will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05.orig.tar.gz
   Size/MD5 checksum:    85648 3147c5cd56832aa3b41955c7a51cbeb2
 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1.dsc
   Size/MD5 checksum:     1237 b7dc377faa3cc915a4fc4c831188c536
 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1.diff.gz
   Size/MD5 checksum:    52796 aa741f98a1c7d7b64f49b3ec3d69646d

Architecture independent packages:

 http://security.debian.org/pool/updates/main/d/djbdns/dnscache-run_1.05-4+lenny1_all.deb
   Size/MD5 checksum:    11892 0f09b110a5a7ea7090dfc315a8a07195

alpha architecture (DEC Alpha)

 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_alpha.deb
   Size/MD5 checksum:   376022 3830f80ce21a48e88b7e0c633e49dceb
 http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_alpha.deb
   Size/MD5 checksum:   468272 b0a4798d65577dd53467643d000399b6

amd64 architecture (AMD x86_64 (AMD64))

 http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_amd64.deb
   Size/MD5 checksum:   350360 4ba6658eb89e6c077bc65d890171cc72
 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_amd64.deb
   Size/MD5 checksum:   280924 db6e0cf1d36bd78ddca6c5d8529cceb0

arm architecture (ARM)

 http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_arm.deb
   Size/MD5 checksum:   250172 d10532c10a8b1a97a4a80eb9fc13df4a
 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_arm.deb
   Size/MD5 checksum:   225608 341f7d38f134999384529eeb198086a5

armel architecture (ARM EABI)

 http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_armel.deb
   Size/MD5 checksum:   298760 02d7ec2dd3de0f7f7f1953c2598bb66d
 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_armel.deb
   Size/MD5 checksum:   250440 6a510480fb22b97faf94dfbb7d5abccf

hppa architecture (HP PA RISC)

 http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_hppa.deb
   Size/MD5 checksum:   365562 40bc21efebeb6e848484cbfcaac87e72
 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_hppa.deb
   Size/MD5 checksum:   303522 884370529609702ecc4dc362953210db

i386 architecture (Intel ia32)

 http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_i386.deb
   Size/MD5 checksum:   269360 cb87c5c2b60dbb6e2bc30b6e47ea5beb
 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_i386.deb
   Size/MD5 checksum:   237334 ea0f66d842ce13a6a989efb387745813

ia64 architecture (Intel ia64)

 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_ia64.deb
   Size/MD5 checksum:   495368 fd6574844346c01adc85bb2f64f09009
 http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_ia64.deb
   Size/MD5 checksum:   584748 dc2f804743edc82eacfd3a5a644ae77a

mips architecture (MIPS (Big Endian))

 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_mips.deb
   Size/MD5 checksum:   364272 c4da4293a29d8d499aa3b22ddbce4fd1
 http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_mips.deb
   Size/MD5 checksum:   447956 53db6801f7cae6324296f1f47eb0b86c

mipsel architecture (MIPS (Little Endian))

 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_mipsel.deb
   Size/MD5 checksum:   363136 2a77e576d2bd8129659a0abe4944b877
 http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_mipsel.deb
   Size/MD5 checksum:   446700 2bafbc1dc76d470484ab108e92b7dae2

powerpc architecture (PowerPC)

 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_powerpc.deb
   Size/MD5 checksum:   270750 3ee59ee9320d6a205c4a8decaa40f542
 http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_powerpc.deb
   Size/MD5 checksum:   332636 629f4decc315ac55e7a2704de4755358

s390 architecture (IBM S/390)

 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_s390.deb
   Size/MD5 checksum:   265986 2148a2f1d5f12fc444f76414a632aaea
 http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_s390.deb
   Size/MD5 checksum:   324762 5c616a1fccaf633ecb77f145b6c4f648

sparc architecture (Sun SPARC/UltraSPARC)

 http://security.debian.org/pool/updates/main/d/djbdns/dbndns_1.05-4+lenny1_sparc.deb
   Size/MD5 checksum:   289234 030ded000454623b720d589eaf5db8bc
 http://security.debian.org/pool/updates/main/d/djbdns/djbdns_1.05-4+lenny1_sparc.deb
   Size/MD5 checksum:   252888 18fd0b54b12a8d65a9aeb41b11b78e85


 These files will probably be moved into the stable distribution on
 its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----