Red Hat Bugzilla – Bug 245458
A new version of perl(Net::DNS) is available, which fixes potential security problems
Last modified: 2007-11-30 17:12:08 EST
Dick Franks reported that a new version of Net::DNS is available This version
fixes a potential security problem, described:
Updates for fedora and RHEL are recommended.
Cc-ing Josh Bressers as part of the update is security related.
Note - I know of no exploits in the wild, however, as described in the RT above,
some issues have been noticed by users.
In particular, this link:
has a script which demonstrates the problem. On my fc-7 system with
perl-Net-DNS-0.59-2.fc7, all of the child processes have the same 'ID's. With
perl-Net-DNS-0.60-1.fc7, the IDs are randomized.
perl-Net-DNS-0.60-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.