----- B a l a B i t   S e c u r i t y   A d v i s o r y   ( B B S A ) -----

PACKAGE            : python-dns
AFFECTED VERSION   : <= 2.3.0-5zorpos2, <= 2.3.0-6ubuntu1.zorpos1
FIXED              : 2.3.0-5zorpos3, 2.3.0-6ubuntu1.zorpos33.1
SUMMARY            : cache poisoning
TYPE               : remote
AFFECTED           : ZorpOS 3.1, ZorpOS 3.3
ZORP-OS SPECIFIC   : NO
BBSA-AUTHOR        : Tamás Pál
BBSA-ID            : BBSA-2008-036
BBSA-ADDRESS       : advisory@balabit.hu
GNUPG FINGERPRINT  : 933E 6763 D32D A01C 1A75 F228 9CB1 81C7 D91E 8915
CVE                : CVE-2008-1447
DATE               : Jul 30, 2008

-----------------------------------------------------------------------------

BACKGROUND:

The cache poisoning weakness in DNS client implementations discovered by
Dan Kaminsky, which stems from predictable DNS transaction IDs and a lack
of UDP source port randomization, has been identified in PyDNS.

SOLUTION:

We recommend that you update the affected packages immediately.

Upgrading using apt:
~~~~~~~~~~~~~~~~~~~~

Add the following line to /etc/apt/sources.list (if it doesn't contain
this line already).

ZorpOS version 3.1:

  deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.1/3.1security zorp-os zorp-os-extra

ZorpOS version 3.3:

  deb https://USERNAME:PASSWORD@apt.balabit.hu/zorp-os zorp-os-3.3/3.3security zorp-os zorp-os-extra

Then issue the following commands as root:

  apt-get update
  apt-get -u upgrade

The latest upgrades will be downloaded and installed.

REFERENCES:

http://www.debian.org/security/2008/dsa-1619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
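
To confirm after upgrading that a client no longer shows the two weaknesses named in BACKGROUND, the following added example (not part of the BalaBit advisory or of PyDNS) audits the source ports and transaction IDs of a client's captured outgoing queries. The function name, thresholds and sample values are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed samples: (UDP source port, DNS transaction ID) per outgoing
# query, in send order, as read from a packet capture of one client.
UNPATCHED_SAMPLE = [(32768, (65530 + i) % 65536) for i in range(10)]
PATCHED_SAMPLE = [
    (51234, 0x3A91), (40211, 0xC07E), (60873, 0x1125), (35592, 0x9FD0),
    (47718, 0x62B3), (58340, 0xE418), (33907, 0x07AA), (62015, 0xB56C),
    (44129, 0x4D02), (39466, 0x8EF7),
]

def audit_queries(observations):
    """Return findings for the weaknesses described in the advisory.

    An empty list means no obvious pattern was seen; it does not prove the
    values come from a cryptographically strong generator.
    """
    n = len(observations)
    if n < 8:
        raise ValueError("need at least 8 queries for a meaningful audit")
    ports = [port for port, _ in observations]
    txids = [txid for _, txid in observations]
    findings = []

    # Weakness 1: no source port randomization. A randomizing client uses a
    # fresh ephemeral port per query, so nearly every port should be distinct.
    if len(set(ports)) <= max(1, n // 4):
        findings.append("source-port-not-randomized")

    # Weakness 2: predictable transaction IDs. A counter shows up as a
    # constant step between consecutive IDs (modulo 2**16, so wrap-around
    # from 65535 to 0 is still recognized).
    steps = Counter((b - a) % 65536 for a, b in zip(txids, txids[1:]))
    step, count = steps.most_common(1)[0]
    if count >= (n - 1) * 3 // 4:
        findings.append("txid-predictable-step-%d" % step)
    elif len(set(txids)) <= n // 2:
        findings.append("txid-low-diversity")
    return findings

if __name__ == "__main__":
    print("unpatched:", audit_queries(UNPATCHED_SAMPLE))
    print("patched:  ", audit_queries(PATCHED_SAMPLE))
```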