A buffer overflow in ldns's code to parse RR records has been fixed

Nov 25, 2011 15:09 GMT  ·  By

The Debian project proudly announced that several security updates have been released in the last few days. 

Juts like the developers assert, they take security very seriously and they handle all the issues brought to their attention to ensure they're corrected within a reasonable timeframe.

Most recent problem was discovered by David Wheeler, more precisely a buffer overflow in ldns's code to parse RR records, which could lead to the execution of arbitrary code. This problem is now fixed and users should upgrade the ldns packages.

Another problem was that Puppet, a centralized configuration management solution, misgenerated certificates if the "certdnsnames" option was used. This was also fixed.

Last but not least, Huzaifa Sidhpurwala also discovered a buffer overflow in Wireshark's ERF dissector, which could lead to the execution of arbitrary code. This is no longer a problem and users should upgrade the wireshark packages.

Download Debian 6.0.3 right now from Softpedia.