Dick Franks reported that a new version of Net::DNS is available This version fixes a potential security problem, described: http://rt.cpan.org/Public/Bug/Display.html?id=23961 Updates for fedora and RHEL are recommended. see also bug #245458, which tracks the Fedora version. RHEL5 uses Net-DNS-0.59-1, just like Fedora FC5-F7, so the fix is the same. However, older versions of RHEL use much older versions of Net::DNS - I have not yet verified that the issue exists with these versions, or done a review of the other changes to check for other possible issues.
I'm moving this to the security response queue for proper tracking.
Fixed in upstream verson 0.60: http://search.cpan.org/src/OLAF/Net-DNS-0.60/Changes
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-0675.html http://rhn.redhat.com/errata/RHSA-2007-0674.html Fedora: updated to fixed upstream version