Re: libc flaw: BIND 9 closes most holes but also opens one

From: Mark.Andrews@isc.org
Date: 06/30/02

• Next message: Scott Mitchell: "Re: Sshd fix"
• Previous message: Jack L. Stone: "Re: Sshd fix"
• In reply to: Brett Glass: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Next in thread: Brett Glass: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Reply: Brett Glass: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Brett Glass <brett@lariat.org>
From: Mark.Andrews@isc.org
Date: Sun, 30 Jun 2002 10:29:48 +1000

> At 03:56 PM 6/29/2002, Doug Barton wrote:
>
> >You quoted the second page. The URL I left in the quotation above is the
> >announcement for 8.2.6, which says:
> >
> >Highlights vs. 8.2.5
> > Security Fix libbind. All applications linked against libbind
> > need to relinked.
>
> So? That's not the version of libbind that's in 9.2.1. The version
> in 9.2.1 is vulnerable; I've checked the source.

        No one is denying that the version in 9.2.1 is vulerable.

        You stated that 8.2.6 was vulnerable when it is not. Stop
        complaining when people correct your mis-statement.

        The "fix" for 9.2.1 is to use libbind from 8.2.6 or 8.3.3
        until we (ISC) make a new bind release (9.2.2/9.3.0/snapshot).
        You can also just take the diff and patch the copy in
        9.2.0/9.2.1. It should work though I haven't tested it.

        Mark
>
> --Brett
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Scott Mitchell: "Re: Sshd fix"
• Previous message: Jack L. Stone: "Re: Sshd fix"
• In reply to: Brett Glass: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Next in thread: Brett Glass: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Reply: Brett Glass: "Re: libc flaw: BIND 9 closes most holes but also opens one"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: libc flaw: BIND 9 closes most holes but also opens one ... On Sat, 29 Jun 2002, Brett Glass wrote: ... The URL I left in the quotation above is the ... That's not the version of libbind that's in 9.2.1. ... with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security) Re: libc flaw: BIND 9 closes most holes but also opens one ... At 03:56 PM 6/29/2002, Doug Barton wrote: ... The URL I left in the quotation above is the ... That's not the version of libbind that's in 9.2.1. ... with "unsubscribe freebsd-security" in the body of the message ... (FreeBSD-Security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint