Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 24 Jul 2007 18:15:43 -0500
From:      Jeffrey Goldberg <jeffrey@goldmark.org>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Cc:        secteam@FreeBSD.org
Subject:   Waiting for BIND security announcement
Message-ID:  <ADFAAD97-8DF7-4589-8046-843F7F36A600@goldmark.org>

Next in thread | Raw E-Mail | Index | Archive | Help

--Apple-Mail-6-853319599
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	delsp=yes;
	format=flowed

[I'm cc'ing this to secteam@freebsd.org, but they are probably  
already aware of things.  I don't require a response from them, but  
if they do, a posting to the questions are announcement lists would  
be great.  I don't need a personal response.]

As I'm sure many people know there is a newly discovered BIND  
vulnerability allowing cache injection (pharming).  See

   http://www.isc.org/index.pl?/sw/bind/bind-security.php

for details.

The version of bind on 6.2, 9.3.3, looks like it is vulnerable (along  
with many other versions).  It's not particularly an issue for me  
since my name servers aren't publicly queryable, but I am curios  
about how things like security problems in
src/contrib get handled in FreeBSD.

Cheers,

-j


-- 
Jeffrey Goldberg                        http://www.goldmark.org/jeff/


--Apple-Mail-6-853319599--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?ADFAAD97-8DF7-4589-8046-843F7F36A600>