[SECURITY] [DSA 5441-1] maradns security update

2023-06-2902:24:29

lists.debian.org

1033252

cve-2022-30256

bullseye

debian

denial of service

1035936

maradns

dns

cve-2023-31137

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

54.2%

JSON

Debian Security Advisory DSA-5441-1 [email protected]
https://www.debian.org/security/ Aron Xu
June 29, 2023 https://www.debian.org/security/faq

Package : maradns
CVE ID : CVE-2022-30256 CVE-2023-31137
Debian Bug : 1033252 1035936

Brief introduction

Two vulnerbilities were found in maradns, an open source domain name
system (DNS) implementation, that may lead to denial of service and
unintended domain name resolution.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.0.13-1.4+deb11u1.

We recommend that you upgrade your maradns packages.

For the detailed security status of maradns please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/maradns

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11s390xmaradns-deadwood-dbgsym< 2.0.13-1.4+deb11u1maradns-deadwood-dbgsym_2.0.13-1.4+deb11u1_s390x.deb
Debian11armelduende-dbgsym< 2.0.13-1.4+deb11u1duende-dbgsym_2.0.13-1.4+deb11u1_armel.deb
Debian11i386maradns-zoneserver-dbgsym< 2.0.13-1.4+deb11u1maradns-zoneserver-dbgsym_2.0.13-1.4+deb11u1_i386.deb
Debian10arm64maradns-deadwood< 2.0.13-1.2+deb10u1maradns-deadwood_2.0.13-1.2+deb10u1_arm64.deb
Debian11ppc64elmaradns-zoneserver< 2.0.13-1.4+deb11u1maradns-zoneserver_2.0.13-1.4+deb11u1_ppc64el.deb
Debian11arm64maradns< 2.0.13-1.4+deb11u1maradns_2.0.13-1.4+deb11u1_arm64.deb
Debian11armelmaradns-deadwood< 2.0.13-1.4+deb11u1maradns-deadwood_2.0.13-1.4+deb11u1_armel.deb
Debian10allmaradns-docs< 2.0.13-1.2+deb10u1maradns-docs_2.0.13-1.2+deb10u1_all.deb
Debian11armhfmaradns-zoneserver< 2.0.13-1.4+deb11u1maradns-zoneserver_2.0.13-1.4+deb11u1_armhf.deb
Debian11s390xmaradns-deadwood< 2.0.13-1.4+deb11u1maradns-deadwood_2.0.13-1.4+deb11u1_s390x.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	s390x	maradns-deadwood-dbgsym	< 2.0.13-1.4+deb11u1	maradns-deadwood-dbgsym_2.0.13-1.4+deb11u1_s390x.deb
Debian	11	armel	duende-dbgsym	< 2.0.13-1.4+deb11u1	duende-dbgsym_2.0.13-1.4+deb11u1_armel.deb
Debian	11	i386	maradns-zoneserver-dbgsym	< 2.0.13-1.4+deb11u1	maradns-zoneserver-dbgsym_2.0.13-1.4+deb11u1_i386.deb
Debian	10	arm64	maradns-deadwood	< 2.0.13-1.2+deb10u1	maradns-deadwood_2.0.13-1.2+deb10u1_arm64.deb
Debian	11	ppc64el	maradns-zoneserver	< 2.0.13-1.4+deb11u1	maradns-zoneserver_2.0.13-1.4+deb11u1_ppc64el.deb
Debian	11	arm64	maradns	< 2.0.13-1.4+deb11u1	maradns_2.0.13-1.4+deb11u1_arm64.deb
Debian	11	armel	maradns-deadwood	< 2.0.13-1.4+deb11u1	maradns-deadwood_2.0.13-1.4+deb11u1_armel.deb
Debian	10	all	maradns-docs	< 2.0.13-1.2+deb10u1	maradns-docs_2.0.13-1.2+deb10u1_all.deb
Debian	11	armhf	maradns-zoneserver	< 2.0.13-1.4+deb11u1	maradns-zoneserver_2.0.13-1.4+deb11u1_armhf.deb
Debian	11	s390x	maradns-deadwood	< 2.0.13-1.4+deb11u1	maradns-deadwood_2.0.13-1.4+deb11u1_s390x.deb