Bulletin d'alerte Debian

DSA-771-1 pdns -- Plusieurs vulnérabilités

Date du rapport:

1 août 2005

Paquets concernés:

Vulnérabilité:

Oui

Références dans la base de données de sécurité:

Dans le système de suivi des bogues Debian : Bogue 318798.
Dans le dictionnaire CVE du Mitre : CVE-2005-2301, CVE-2005-2302.

Pour plus d'information:

Plusieurs problèmes ont été découverts dans pdns, un serveur de noms de domaine flexible, ce qui peut permettre un déni de service. Le projet « Common Vulnerabilities and Exposures » a identifié les problèmes suivants :

CAN-2005-2301
Norbert Sendetzky et Jan de Groot ont découvert que l'interface LDAP n'échappait pas correctement toutes les requêtes, causant ainsi un arrêt et dès lors l'impossibilité de répondre aux requêtes.
CAN-2005-2302
Wilco Baan a découvert que des requêtes provenant de clients n'ayant pas l'autorisation de réaliser des requêtes récursives peuvent temporairement bloquer celles des clients autorisés. Cela permet donc à des utilisateurs extérieurs de bloquer temporairement le domaine d'utilisateurs normaux.

L'ancienne distribution stable (Woody) ne contient pas le paquet pdns.

Pour l'actuelle distribution stable (Sarge), ces problèmes ont été corrigés dans la version 2.9.17-13sarge1.

Pour la distribution instable (Sid), ces problèmes ont été corrigés dans la version 2.9.18-1.

Nous vous recommandons de mettre à niveau votre paquet pdns.

Corrigé dans:

Debian GNU/Linux 3.1 (sarge)

Source :: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1.dsc; http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1.diff.gz; http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17.orig.tar.gz
Composant indépendant de l'architecture :: http://security.debian.org/pool/updates/main/p/pdns/pdns-doc_2.9.17-13sarge1_all.deb
Alpha:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_alpha.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_arm.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_i386.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_ia64.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_hppa.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_m68k.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_mips.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_mipsel.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_powerpc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_s390.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/pdns/pdns_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-geo_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-ldap_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-mysql_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pgsql_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-pipe_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-backend-sqlite_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-recursor_2.9.17-13sarge1_sparc.deb; http://security.debian.org/pool/updates/main/p/pdns/pdns-server_2.9.17-13sarge1_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.