Justin Mason wrote:
This issue has no security impact. The flaw will cause Net::DNS to
"croak", which in turn should be handled by the calling application. In
the case of RHEL, the only known application that uses this
functionality is Spamassassin. Spamassassin handles this failure
gracefully and continues to function, minus the DNS tests.
we haven't seen details of the vulnerability, but I think Josh's take on
the issue sounds correct.
if anyone has a demo of the bug, please pass it on so we can try it out.
i guess a 'croak' isn't a dos... ;-)
its in freebsd ports, a 'portupgrade p5-Net-DNS' should update it quickly.
--j.
--
Michael Scheidell, CTO
Main: 561-999-5000, Office: 561-939-7259
> *| *SECNAP Network Security Corporation
Winner 2008 Technosium hot company award.
www.technosium.com/hotcompanies/ <http://www.technosium.com/hotcompanies/>
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(tm).
For Information please see http://www.spammertrap.com
_________________________________________________________________________
