Bug 245804 (CVE-2007-3409)

Summary: CVE-2007-3409 Perl Net::DNS denial of service
Product: [Other] Security Response
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Reporter: Josh Bressers <bressers>
Assignee: Red Hat Product Security <security-response-team>
CC: robin.norwood
Doc Type: Bug Fix
Last Closed: 2008-01-16 10:00:49 UTC
Bug Depends On: 245807, 245808, 245809, 245811, 245812, 245813, 245814, 833955

Description Josh Bressers 2007-06-26 19:32:09 UTC
A denial of service bug has been found in the way perl-Net-DNS expands
compressed DNS results.  It is possible to cause the application using
perl-Net-DNS to consume resources and crash.

http://rt.cpan.org/Public/Bug/Display.html?id=27285
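
Added example, not part of the bug report and not Net::DNS code: a Python expander for RFC 1035 compressed names that bounds its own work, so a malformed message is rejected instead of consuming resources. It assumes the malformed input is a name whose compression pointers refer back to themselves, which the report does not spell out; `expand_name`, `MalformedName` and the sample messages are constructed for illustration, and the strictly-backward pointer rule is a hardening choice made here, not a description of the upstream 0.60 fix.

```python
# Added example: bounded expansion of RFC 1035 compressed domain names.
MAX_NAME_LEN = 255  # RFC 1035 limit on the encoded length of a name


class MalformedName(ValueError):
    """Raised instead of looping or recursing on a bad name."""


def expand_name(msg: bytes, offset: int):
    """Return (dotted_name, offset_after_name) for the name at `offset`."""
    labels = []
    total = 1         # encoded length so far, counting the final root octet
    end = None        # where parsing resumes in the original record
    lowest = offset   # each pointer must land strictly before this offset
    pos = offset
    while True:
        if pos >= len(msg):
            raise MalformedName("name runs past end of message")
        length = msg[pos]
        kind = length & 0xC0
        if kind == 0xC0:  # two-byte compression pointer
            if pos + 1 >= len(msg):
                raise MalformedName("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if end is None:
                end = pos + 2
            # Targets strictly decrease, so the loop must terminate.
            if target >= lowest:
                raise MalformedName("pointer does not point backwards")
            lowest = pos = target
        elif kind != 0:
            raise MalformedName("reserved label type")
        elif length == 0:  # root label terminates the name
            name = ".".join(labels) or "."
            return name, (end if end is not None else pos + 1)
        else:
            total += length + 1
            if total > MAX_NAME_LEN or pos + 1 + length > len(msg):
                raise MalformedName("label too long or truncated")
            labels.append(msg[pos + 1:pos + 1 + length].decode("latin-1"))
            pos += 1 + length


# Constructed sample messages: a zeroed 12-byte header, then name data.
HEADER = bytes(12)
GOOD = HEADER + b"\x07example\x03com\x00" + b"\x03www\xc0\x0c"
SELF_POINTER = HEADER + b"\xc0\x0c"  # pointer at offset 12 targeting offset 12
```

Because every pointer target must be lower than the previous one, the number of jumps is bounded by the message length regardless of how the pointers are arranged.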

Comment 5 Tomas Hoger 2008-01-16 09:43:28 UTC
Upstream fixed in version 0.60:

  http://search.cpan.org/src/OLAF/Net-DNS-0.60/Changes

Comment 6 Red Hat Product Security 2008-01-16 10:00:49 UTC
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0674.html

Fedora:
  updated to fixed upstream version