-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 963-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 2nd, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : mydns
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-0351
BugTraq ID     : 16431
Debian Bug     : 348826

NISCC reported that MyDNS, a DNS server using an SQL database for data
storage, can be tricked into an infinite loop by a remote attacker and
hence cause a denial of service condition.

The old stable distribution (woody) does not contain mydns packages.

For the stable distribution (sarge) this problem has been fixed in
version 1.0.0-4sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 1.1.0+pre-3.

We recommend that you upgrade your mydns package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    mydns_1.0.0-4sarge1.dsc
      Size/MD5 checksum:      671 e1244fb2b786c4571147d8be7b56216e
    mydns_1.0.0-4sarge1.diff.gz
      Size/MD5 checksum:    17777 b48a997805664e2c074df3c1015edf99
    mydns_1.0.0.orig.tar.gz
      Size/MD5 checksum:   689368 5c99d5f0aacb04c2e1f595c111a3f9a4

  Architecture independent components:

    mydns-common_1.0.0-4sarge1_all.deb
      Size/MD5 checksum:    30846 d874646c2fc47ff4fa89528c78755a00

  Alpha architecture:

    mydns-mysql_1.0.0-4sarge1_alpha.deb
      Size/MD5 checksum:   862238 821240c6825724424a3bc6d8718fcfa6
    mydns-pgsql_1.0.0-4sarge1_alpha.deb
      Size/MD5 checksum:   203926 7b81808aab0d8f3d0e66c5ba54c30f4e

  AMD64 architecture:

    mydns-mysql_1.0.0-4sarge1_amd64.deb
      Size/MD5 checksum:   727218 68cfefc7361b9fd9781781b24a3df58b
    mydns-pgsql_1.0.0-4sarge1_amd64.deb
      Size/MD5 checksum:   174886 e634ccfef1e8ea5910662e383184d5aa

  ARM architecture:

    mydns-mysql_1.0.0-4sarge1_arm.deb
      Size/MD5 checksum:   671170 9e432bed009b13b454fe7cd7246762fc
    mydns-pgsql_1.0.0-4sarge1_arm.deb
      Size/MD5 checksum:   155600 35b3f3b30ddb55f3b3c2deb592a89835

  Intel IA-32 architecture:

    mydns-mysql_1.0.0-4sarge1_i386.deb
      Size/MD5 checksum:   684400 f57be304f708be8aa726022c029aff00
    mydns-pgsql_1.0.0-4sarge1_i386.deb
      Size/MD5 checksum:   158972 b199299be428fb3c707e74d7ab2efb30

  Intel IA-64 architecture:

    mydns-mysql_1.0.0-4sarge1_ia64.deb
      Size/MD5 checksum:   946174 b0a8580949dd1fb336c1b73c8688c564
    mydns-pgsql_1.0.0-4sarge1_ia64.deb
      Size/MD5 checksum:   236268 502db665376bc04252e76802e5908ccc

  HP Precision architecture:

    mydns-mysql_1.0.0-4sarge1_hppa.deb
      Size/MD5 checksum:   757184 70215c85ca68b7243ae56c7d4adf8baf
    mydns-pgsql_1.0.0-4sarge1_hppa.deb
      Size/MD5 checksum:   178260 36527bf47b346401329ceed8e0d19d00

  Motorola 680x0 architecture:

    mydns-mysql_1.0.0-4sarge1_m68k.deb
      Size/MD5 checksum:   638514 ab308138fc62fa46f029bfc8f479bfb4
    mydns-pgsql_1.0.0-4sarge1_m68k.deb
      Size/MD5 checksum:   142454 bed035eaed566f486125c69b1537b8f6

  Big endian MIPS architecture:

    mydns-mysql_1.0.0-4sarge1_mips.deb
      Size/MD5 checksum:   764628 7e87768efab69fa51ca0b9adbad4bf40
    mydns-pgsql_1.0.0-4sarge1_mips.deb
      Size/MD5 checksum:   175102 6e702b24e9d1158be86d54cec7a09796

  Little endian MIPS architecture:

    mydns-mysql_1.0.0-4sarge1_mipsel.deb
      Size/MD5 checksum:   764022 bb0b9bc8ebe1528baa4464ecad0af10c
    mydns-pgsql_1.0.0-4sarge1_mipsel.deb
      Size/MD5 checksum:   175308 b20be096ed2481138d83adbdb8b6f5d5

  PowerPC architecture:

    mydns-mysql_1.0.0-4sarge1_powerpc.deb
      Size/MD5 checksum:   743710 dcdb2e33b2ee22bda1e6994161972bbb
    mydns-pgsql_1.0.0-4sarge1_powerpc.deb
      Size/MD5 checksum:   178998 de334d94fa04d9c910877fa0bf3ef37b

  IBM S/390 architecture:

    mydns-mysql_1.0.0-4sarge1_s390.deb
      Size/MD5 checksum:   724954 1b516b6949a19565b9579734846526c8
    mydns-pgsql_1.0.0-4sarge1_s390.deb
      Size/MD5 checksum:   168860 0c4ff07361bcab17a3b7c2d78dac9bec

  Sun Sparc architecture:

    mydns-mysql_1.0.0-4sarge1_sparc.deb
      Size/MD5 checksum:   696440 65600bc54fc7cb587473d49bf78ef1b9
    mydns-pgsql_1.0.0-4sarge1_sparc.deb
      Size/MD5 checksum:   155700 b7dcdb09aecf69dac27ecddfb133e904


  These files will probably be moved into the stable distribution on
  its next update.

-
 ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD4aoxW5ql+IAeqTIRAsr5AJ47BcnrhKhB2t38wRIVAwOJshpLYgCeIALF
X5KiSYG4DMy50u/AY/6kisU=
=c7z2
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
 listmaster@lists.debian.org