From owner-freebsd-security Wed Nov 20 01:13:36 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id BAA17520 for security-outgoing; Wed, 20 Nov 1996 01:13:36 -0800 (PST) Received: from panoramix.rain.fr (panoramix.rain.fr [194.51.3.136]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id BAA17513; Wed, 20 Nov 1996 01:13:29 -0800 (PST) Received: from panoramix.rain.fr (localhost [127.0.0.1]) by panoramix.rain.fr (8.8.3/8.8.3) with SMTP id KAA25586; Wed, 20 Nov 1996 10:19:40 +0100 (MET) Message-ID: <3292CD2C.41C67EA6@panoramix.rain.fr> Date: Wed, 20 Nov 1996 09:19:40 +0000 From: Tom Fischer X-Mailer: Mozilla 3.01 (X11; I; FreeBSD 2.1.0-RELEASE i386) MIME-Version: 1.0 To: FreeBSD Security Officer CC: freebsd-security@freebsd.org Subject: Re: Serious BIND resolver problem. (fwd) References: <7ypw19iosu.fsf@base.jnx.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hello, "quietly fixed?" I'm not too sure I like the sound of that. I'm running 2.1.0-Release, installed off the January 1996 cdrom on several systems. I'm installed all of the patches, etc., that were available on ftp://freebsd.org/pub/CERT/patches, and I don't remember anything about this problem (apparently, obviously). My question is: Do I need to do something to my libc library? As I understand it, 2.1R from the cd is not the same thing as 2.1 -stable... or am I wrong? thanks, tom tfischer@rain.fr ===================================================== FreeBSD Security Officer wrote: > > The SNI advisory is for a problem that had been corrected quite some time ago. > This is a "late" advisory causing lots of folks confusion. > > The problem is in the resolver libraries (in libc). Upgrading named to 4.9.5 > will not fix this problem. This problem was quietly fixed in 2.1 -stable and > -current releases by explicit request of the author several months ago. > > Paul