* Add patch dnsbof.diff to fix a buffer overflow in dns_decode.c (Closes:
#504121).
* Add patch sysfix.diff that fixes chroot() and set?id() calls. Also
makes use of limits to prevent fork of the process.
Upstream changelog for 0.4.3:
Version 0.4.3
Fix unsigned int pb and error in dns_decode (John Lampe)
Fix drop privileges problems (Solar Designer)
Add limit to prevent fork() (Idea from Solar Designer)
Version 0.4.2
Suppressed
I compared debian patched version with upstream 0.4.3, and there is no relevant changes to .c files, affecting to security
Binary package hint: dns2tcp
As stated in Debian Bug #504121 and Secunia at http:// secunia. com/advisories/ 32514/, there is a security flaw in dns2tcp, with a buffer overflow possibility in dns_decode.c
This flaw has been fixed in upstream 0.4.3 version and in debian, in 0.4.dfsg-4, and the patch has been fixed in 0.4.dfsg-5.
Debian changelog:
dns2tcp (0.4.dfsg-5) unstable; urgency=low
* Fix dnsbof.diff to add an extra check for total_len.
-- Arnaud Cornet <email address hidden> Tue, 04 Nov 2008 08:53:43 +0100
dns2tcp (0.4.dfsg-4) unstable; urgency=low
* Add patch dnsbof.diff to fix a buffer overflow in dns_decode.c (Closes:
#504121).
* Add patch sysfix.diff that fixes chroot() and set?id() calls. Also
makes use of limits to prevent fork of the process.
-- Arnaud Cornet <email address hidden> Fri, 31 Oct 2008 19:28:28 +0100
Upstream changelog for 0.4.3:
Version 0.4.3
Fix unsigned int pb and error in dns_decode (John Lampe)
Fix drop privileges problems (Solar Designer)
Add limit to prevent fork() (Idea from Solar Designer)
Version 0.4.2
Suppressed
I compared debian patched version with upstream 0.4.3, and there is no relevant changes to .c files, affecting to security