STBR; Fwd: pdnsd 1.1.7

GoTaR gotar w poczta.onet.pl
Wto, 8 Sty 2002, 04:46:11 CET


----- Forwarded message from Thomas Moestl <tmoestl w gmx.net> -----

From:	Thomas Moestl <tmoestl w gmx.net>
Subject: pdnsd 1.1.7
To:	undisclosed-recipients:;

To all maintainers of pdnsd packages/ports.

Hi,

a new version of pdnsd (1.1.7) has just been uploaded to the pdnsd
site (as http://home.t-online.de/home/Moestl/pdnsd-1.1.7.tar.gz and
http://home.t-online.de/home/Moestl/pdnsd-1.1.7.tar.bz2), but has not
yet been publically announced.
This release fixes problems that were found during an audit of the
code. These might be exploitable by an attacker that sets up a
malicious name server, gets pdnsd to query it and then sends malformed
answer packets with certain query types.
This is made hard by the fact that pdnsd usually talks to trusted name
servers (that are given in the configuration file), and will only in
certain cases query other servers. It is expected that it is hard or
impossible to pass the malicous records through these trusted servers.
In the standard configuration, pdnsd runs as a non-privileged user.

This new version will be announced shortly (probably tomorrow).

Could you please update the port/package you are maintaining, and take
care to notify the respective security officer if required?

Thanks, and sorry for the trouble,
	- thomas



----- End forwarded message -----

-- 
GoTaR <gotar w priv0.onet.pl>		USA sux
	La ilaha illa´l-lah! La ilaha!



Więcej informacji o liście dyskusyjnej pld-devel-pl