- -------------------------------------------------------------------------- Debian Security Advisory DSA 963-1 security@debian.org http://www.debian.org/security/ Martin Schulze February 2nd, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : mydns Vulnerability : missing input sanitising Problem type : remote Debian-specific: no CVE ID : CVE-2006-0351 BugTraq ID : 16431 Debian Bug : 348826 NISCC reported that MyDNS, a DNS server using an SQL database for data storage, can be tricked into an infinite loop by a remote attacker and hence cause a denial of service condition. The old stable distribution (woody) does not contain mydns packages. For the stable distribution (sarge) this problem has been fixed in version 1.0.0-4sarge1. For the unstable distribution (sid) this problem has been fixed in version 1.1.0+pre-3. We recommend that you upgrade your mydns package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/m/mydns/mydns_1.0.0-4sarge1.dsc Size/MD5 checksum: 671 e1244fb2b786c4571147d8be7b56216e http://security.debian.org/pool/updates/main/m/mydns/mydns_1.0.0-4sarge1.diff.gz Size/MD5 checksum: 17777 b48a997805664e2c074df3c1015edf99 http://security.debian.org/pool/updates/main/m/mydns/mydns_1.0.0.orig.tar.gz Size/MD5 checksum: 689368 5c99d5f0aacb04c2e1f595c111a3f9a4 Architecture independent components: http://security.debian.org/pool/updates/main/m/mydns/mydns-common_1.0.0-4sarge1_all.deb Size/MD5 checksum: 30846 d874646c2fc47ff4fa89528c78755a00 Alpha architecture: http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_alpha.deb Size/MD5 checksum: 862238 821240c6825724424a3bc6d8718fcfa6 http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_alpha.deb Size/MD5 checksum: 203926 7b81808aab0d8f3d0e66c5ba54c30f4e AMD64 architecture: http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_amd64.deb Size/MD5 checksum: 727218 68cfefc7361b9fd9781781b24a3df58b http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_amd64.deb Size/MD5 checksum: 174886 e634ccfef1e8ea5910662e383184d5aa ARM architecture: http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_arm.deb Size/MD5 checksum: 671170 9e432bed009b13b454fe7cd7246762fc http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_arm.deb Size/MD5 checksum: 155600 35b3f3b30ddb55f3b3c2deb592a89835 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_i386.deb Size/MD5 checksum: 684400 f57be304f708be8aa726022c029aff00 http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_i386.deb Size/MD5 checksum: 158972 b199299be428fb3c707e74d7ab2efb30 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_ia64.deb Size/MD5 checksum: 946174 b0a8580949dd1fb336c1b73c8688c564 http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_ia64.deb Size/MD5 checksum: 236268 502db665376bc04252e76802e5908ccc HP Precision architecture: http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_hppa.deb Size/MD5 checksum: 757184 70215c85ca68b7243ae56c7d4adf8baf http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_hppa.deb Size/MD5 checksum: 178260 36527bf47b346401329ceed8e0d19d00 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_m68k.deb Size/MD5 checksum: 638514 ab308138fc62fa46f029bfc8f479bfb4 http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_m68k.deb Size/MD5 checksum: 142454 bed035eaed566f486125c69b1537b8f6 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_mips.deb Size/MD5 checksum: 764628 7e87768efab69fa51ca0b9adbad4bf40 http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_mips.deb Size/MD5 checksum: 175102 6e702b24e9d1158be86d54cec7a09796 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_mipsel.deb Size/MD5 checksum: 764022 bb0b9bc8ebe1528baa4464ecad0af10c http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_mipsel.deb Size/MD5 checksum: 175308 b20be096ed2481138d83adbdb8b6f5d5 PowerPC architecture: http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_powerpc.deb Size/MD5 checksum: 743710 dcdb2e33b2ee22bda1e6994161972bbb http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_powerpc.deb Size/MD5 checksum: 178998 de334d94fa04d9c910877fa0bf3ef37b IBM S/390 architecture: http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_s390.deb Size/MD5 checksum: 724954 1b516b6949a19565b9579734846526c8 http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_s390.deb Size/MD5 checksum: 168860 0c4ff07361bcab17a3b7c2d78dac9bec Sun Sparc architecture: http://security.debian.org/pool/updates/main/m/mydns/mydns-mysql_1.0.0-4sarge1_sparc.deb Size/MD5 checksum: 696440 65600bc54fc7cb587473d49bf78ef1b9 http://security.debian.org/pool/updates/main/m/mydns/mydns-pgsql_1.0.0-4sarge1_sparc.deb Size/MD5 checksum: 155700 b7dcdb09aecf69dac27ecddfb133e904 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD4aoxW5ql+IAeqTIRAsr5AJ47BcnrhKhB2t38wRIVAwOJshpLYgCeIALF X5KiSYG4DMy50u/AY/6kisU= =c7z2 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/