Date: Sat, 29 Jun 2002 14:44:58 -0700 From: Doug Barton <DougB@FreeBSD.org> To: Brett Glass <brett@lariat.org> Cc: Mark.Andrews@isc.org, security@FreeBSD.org Subject: Re: libc flaw: BIND 9 closes most holes but also opens one Message-ID: <3D1E2A5A.522E53C7@FreeBSD.org> References: <Your message of "Fri, 28 Jun 2002 16:59:25 CST." <200206282259.QAA03790@lariat.org> <4.3.2.7.2.20020629123101.02ed2df0@localhost> <4.3.2.7.2.20020629153253.02e88ef0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass wrote: > > At 03:27 PM 6/29/2002, Doug Barton wrote: > > > The libbind bug is fixed in both 8.2.6, and 8.3.3. Please be more > >careful to read what is posted before responding. > > I know that there were earlier fixes to prevent buffer overrruns. > My impression, based on ISC's statements, is that more were required > after that time. Have you done a diff between 8.2.6 and 8.3.3? Non sequitur. I was responding to your claim that libbind was fixed only in 8.3.3. You are categorically wrong on that point. I already said that if you're running BIND 8, you're better off with the 8.3.3 version. > >That said, if you are > >going to run a BIND 8 server, I think you're a lot better off with > >8.3.3. > > I want to run a BIND 9 server, because it will protect vulnerable > machines and apps behind it. But it looks as if I'll need to get > libbind out of 8.3.3, too Only if you're using something that links against it. IMO you're better off just not having it around. Doug To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D1E2A5A.522E53C7>