Date:      Thu, 01 Feb 2007 15:28:07 -0500
From:      Chuck Swiger <cswiger@mac.com>
To:        Doug Barton <dougb@FreeBSD.org>
Cc:        freebsd-security@freebsd.org, Chris Marlatt <cmarlatt@rxsec.com>
Subject:   Re: What about BIND 9.3.4 in FreeBSD in base system ?
Message-ID:  <45C24D57.3000704@mac.com>
In-Reply-To: <45C23DAA.9040108@FreeBSD.org>
References:  <001601c74428$ff9d54b0$ab76ed54@odipw> <45BEE27D.1050804@FreeBSD.org> <45BFA1B3.9040000@rxsec.com> <45C23DAA.9040108@FreeBSD.org>

Doug Barton wrote:
> Chris Marlatt wrote:
[ ... ]
> Yes, but whether a full upgrade is needed for "support" or not depends 
> on your definition. Given that FreeBSD is not vulnerable to these issues 
> in its default configuration, one could easily argue that an upgrade for 
> RELENG_5 isn't necessary.

I've been bitten by CVE-2006-4096, and have applied the workaround to limit 
the # of outstanding queries.  I've got two nameservers tracking 5-STABLE 
which were vulnerable to CVE-2006-4095, and I have no doubt that there are 
other people besides me who will be affected by CVE-2007-0493.

I'm starting to feel thankful that my important domains include off-site 
secondaries which are running djbdns.

Does the FreeBSD security team have a position with regard to whether the 
above DoS vulnerabilities ought to be fixed in the 5-STABLE branch?

-- 
-Chuck


