~ubuntu-branches/ubuntu/precise/maradns/precise

« back to all changes in this revision

Viewing changes to doc/en/webpage/security.html

Committer: Bazaar Package Importer
Author(s): Kai Hendry
Date: 2007-05-19 22:00:19 UTC
mfrom: (1.1.9 upstream)
Revision ID: james.westby@ubuntu.com-20070519220019-5sfo6wjbeqecn6lb

Tags: 1.2.12.06-1

* New upstream release
* A couple of memory leaks fixed
* Upstream considers these bugs important, hence medium urgency

files added:
build/maradns-1.2.12.06.spec

doc/en/source/mararc.ej.orig

update/1.2.12.06

update/1.2.12.06/1.2.12.05-to-1.2.12.06

update/1.2.12.06/maradns-1.2.12.05-changelog.patch

update/1.2.12.06/maradns-1.2.12.05-download.patch

update/1.2.12.06/maradns-1.2.12.05-faq.patch

update/1.2.12.06/maradns-1.2.12.05-rpm_spec.patch

update/1.2.12.06/maradns-1.2.12.05-star_collision.patch

update/1.2.12.06/maradns-1.2.12.05-webapge.patch

update/1.2.12.06/maradns-1.3.03-nxdomain_star_bug.patch

update/1.2.12.06/maradns-1.3.04-def_zone_nxdomain.patch

update/1.2.12.06/maradns-1.3.04-docfix1.patch

update/1.2.12.06/maradns-1.3.04-memleak.patch

update/1.2.12.06/maradns-1.3.04-starlabel_bug.patch

files removed:
build/maradns-1.2.12.05.spec

files modified:
debian/changelog

doc/en/changelog.html

doc/en/changelog.txt

doc/en/faq.html

doc/en/faq.txt

doc/en/man/maradns.8

doc/en/man/mararc.5

doc/en/pdf/manpage_reference.pdf

doc/en/source/changelog.embed

doc/en/source/default_zonefile.ej

doc/en/source/faq.embed

doc/en/source/mararc.ej

doc/en/text/default_zonefile.txt

doc/en/text/man.maradns.txt

doc/en/text/man.mararc.txt

doc/en/tutorial/default_zonefile.html

doc/en/tutorial/man.maradns.html

doc/en/tutorial/man.mararc.html

doc/en/webpage/advocacy.embed

doc/en/webpage/advocacy.html

doc/en/webpage/changelog.html

doc/en/webpage/download.embed

doc/en/webpage/download.html

doc/en/webpage/faq.html

doc/en/webpage/index.embed

doc/en/webpage/index.html

doc/en/webpage/security.embed

doc/en/webpage/security.html

server/MaraDNS.c

server/MaraDNS.c.orig

Show diffs side-by-side

added added

removed removed

doc/en/webpage/security.html

352

<p>

353

354

Impact: Theoretical local spoofing of DNS records.

355

specially crafted DNS packets to a server running MaraDNS. MaraDNS

356

would function normally once the DNS packets were no longer being

357

sent. This affected all versions of MaraDNS, and was fixed in

358

MaraDNS 1.2.12.05, 1.0.40, and the 20070216 snapshot of MaraDNS.

359

360

<p>

361

362

Another problem was that MaraDNS would leak approximately 20 bytes

363

whenever an invalid DNS packet was received. This leak would have

364

allowed an attacker to cause MaraDNS to allocate an arbitrary large

365

amount of memory by sending a very large number of invalid DNS

366

packers to the server running MaraDNS. This affected the 1.2 and

367

1.3 branches of MaraDNS, and was fixed in MaraDNS 1.2.12.05

368

and the 20070216 snapshot of MaraDNS.

355

369

356

370

</ol>

357

371

Older »