Date: Tue, 24 Jul 2007 18:15:43 -0500 From: Jeffrey Goldberg <jeffrey@goldmark.org> To: FreeBSD Questions <freebsd-questions@freebsd.org> Cc: secteam@FreeBSD.org Subject: Waiting for BIND security announcement Message-ID: <ADFAAD97-8DF7-4589-8046-843F7F36A600@goldmark.org>
next in thread | raw e-mail | index | archive | help
--Apple-Mail-6-853319599 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed [I'm cc'ing this to secteam@freebsd.org, but they are probably already aware of things. I don't require a response from them, but if they do, a posting to the questions are announcement lists would be great. I don't need a personal response.] As I'm sure many people know there is a newly discovered BIND vulnerability allowing cache injection (pharming). See http://www.isc.org/index.pl?/sw/bind/bind-security.php for details. The version of bind on 6.2, 9.3.3, looks like it is vulnerable (along with many other versions). It's not particularly an issue for me since my name servers aren't publicly queryable, but I am curios about how things like security problems in src/contrib get handled in FreeBSD. Cheers, -j -- Jeffrey Goldberg http://www.goldmark.org/jeff/ --Apple-Mail-6-853319599--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ADFAAD97-8DF7-4589-8046-843F7F36A600>