[SECURITY] [DLA 3457-1] maradns security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3457-1] maradns security update
From: Bastien Roucaries <rouca@debian.org>
Date: Mon, 19 Jun 2023 11:15:27 +0000
Message-id: <[🔎] ffc378075a5d1bc16f3c21cf3b7b1bfa.rouca@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3457-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
June 19, 2023                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : maradns
Version        : 2.0.13-1.2+deb10u1
CVE ID         : CVE-2022-30256 CVE-2023-31137
Debian Bug     : 1033252 1035936

MaraDNS is a small and lightweight cross-platform open-source DNS server.

CVE-2022-30256

    A revoked domain name (so called "Ghost" domain name) can still be
    resolvable for a long time by staying in the cache longer than
    max_ttl allows. "Ghost" domain names includes expired domains
    and taken-down malicious domains.

CVE-2023-31137

    The authoritative server in MaraDNS had an issue where it is
    possible to remotely terminate the MaraDNS process with a
    specialy crafted packet (so called "packet of death").

For Debian 10 buster, these problems have been fixed in version
2.0.13-1.2+deb10u1.

We recommend that you upgrade your maradns packages.

For the detailed security status of maradns please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/maradns

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmSQOM8ACgkQADoaLapB
CF8l8A/+JIy73RPqTaVKf5wm2rbzsagJ/Ab0O+E6oXUUwYePgXGMlAuV2GWYwBbp
aGw2simemXupzSNjq3AYHZmZEkSYcat28dKxLB7D/0n2f+vyw3mM2La7DVCbLmOE
ew1mCgYX085bzrxeB6ubQQk0Sz9yl8dUVrarDOan9UOrHVpwiA2qId18Y2w5aH85
xq2Iw/m2eEb0QsQ5L1vDow/nD+dyt4Ia1N2f62wpd6mIdQcH0MQtfCHWFSliFf/2
SLPrPFVqXigznT/K+EoBhiznNN03JMHAmjKmih3juwe5aQQsalHAHrR7B+HVu/Zl
VQ0TspJ5yGPVpmL9oz75NjaMEYpJaj32hXVSzfSZp9GMr/HlF3z7TXqzt56pOOHa
IMmivDGJV6nSndAUfaUaQ/hvJmgbAWrqB165pw1Yp/coQ9Pwa+A4W4aN0Y5JdUYZ
d9kv5oHG3vp7IN7cKglLgDSara6osDt7sn7mL6b4psBWXKlHVa4PD9j7azL5e0Si
1HL5XY1jF5EXv4pSeuQXtWP79BOXVWzarcrHjuj7N8fycu8p2SpY4DB6PhAUl4fI
5RHrKfMgbkKgZhFWxaWe9XaQHfH5/S5CitxJkpZeHSWaAOhtgz2zYz7/Ru9sRlz8
akH1+N3dmeoFSZDOc7lLE2WO5V2S5Rf6FrX3m5t6D0mZMxQwtgc=
=NM3Q
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3456-1] requests security update
Next by Date: [SECURITY] [DLA 3458-1] php7.3 security update
Previous by thread: [SECURITY] [DLA 3456-1] requests security update
Next by thread: [SECURITY] [DLA 3458-1] php7.3 security update
Index(es):
- Date
- Thread