Bug 426437 (CVE-2007-6341)
Summary: | CVE-2007-6341 Perl crash by crafted response to Net::DNS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Lubomir Kundrak <lkundrak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | mmaslano, robin.norwood, wtogami |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6341 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-03-19 10:44:55 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Lubomir Kundrak
2007-12-20 23:41:44 UTC
This issue has no security impact. The flaw will cause Net::DNS to "croak", which in turn should be handled by the calling application. In the case of RHEL, the only known application that uses this functionality is Spamassassin. Spamassassin handles this failure gracefully and continues to function, minus the DNS tests. This and similar vulnerabilities fixed in Net::DNS version 0.63. Net::DNS version 0.63 is in rawhide. |