DSA-2056-1 zonecheck -- missing input sanitizingID: oval:org.secpod.oval:def:600058 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that in zonecheck, a tool to check DNS configurations, the CGI does not perform sufficient sanitation of user input; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks. For the stable distribution , this problem has been fixed in version 2.0.4-13lenny1. For the testing distribution , this problem has been fixed in version 2.1.1-1. For the testing distribution , this problem has been fixed in version 2.1.1-1. We recommend that you upgrade your zonecheck packages.