Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 24 Nov 1999 20:54:24 -0500
From:      Keith Stevenson <k.stevenson@louisville.edu>
To:        Dave H <dave@webgator.com>
Cc:        freebsd-questions@freebsd.org, freebsd-stable@freebsd.org, security-officer@freebsd.org
Subject:   Re: Security status of BIND8 in stable
Message-ID:  <19991124205424.C54601@osaka.louisville.edu>
In-Reply-To: <Pine.BSF.4.20.9911241652140.29089-100000@ns3.perceptionpub.com>
References:  <Pine.BSF.4.20.9911241652140.29089-100000@ns3.perceptionpub.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Nov 24, 1999 at 05:18:22PM -0500, Dave H wrote:
> Hi, 
> 
> I'll keep this brief. I basically have three questions about bind8 in
> stable:
> 
> 1) The version in stable is still 8.1.2 - is there any reason to believe
> that the current well-known vulnerabilities in bind are not present for
> some reason in our bind 8.1.2? 

The consensus seems to be that we only have the denial of service attacks
to contend with.  The remote root vulnerability didn't appear until 8.2

> 
> 2) Why hasn't FreeBSD made a statement is response to Cert Advisory
> CA-99-14?

I'll defer that to the Security Officer.

> 
> 3) How soon will the bind version be updated in stable? I'd prefer to
> stick with source instead of ports for ease of maintenance accross
> multiple machines. If building bind from ports is (and will continue to
> be) the best way of maintaining bind, so be it - I will make the change
> across all machines - I'd just rather not do it if it is not necessary.

Considering that -CURRENT still includes 8.1.2 and that the 3.4 and 4.0 feature
freezes are fast approaching (as is BIND9), I think that the ports version is
your best bet.

Regards,
--Keith Stevenson--

-- 
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint =  4B 29 A8 95 A8 82 EA A2  29 CE 68 DE FC EE B6 A0


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991124205424.C54601>