Re: What about BIND 9.3.4 in FreeBSD in base system ?
- From: Chuck Swiger <cswiger@xxxxxxx>
- Date: Thu, 01 Feb 2007 15:28:07 -0500
Doug Barton wrote:
Chris Marlatt wrote:[ ... ]
Yes, but whether a full upgrade is needed for "support" or not depends on your definition. Given that FreeBSD is not vulnerable to these issues in its default configuration, one could easily argue that an upgrade for RELENG_5 isn't necessary.
I've been bitten by CVE-2006-4096, and have applied the workaround to limit the # of outstanding queries. I've got two nameservers tracking 5-STABLE which were vulnerable to CVE-2006-4095, and I have no doubt that there are other people besides me who will be affected by CVE-2007-0493.
I'm starting to feel thankful that my important domains include off-site secondaries which are running djbdns.
Does the FreeBSD security team have a position with regard to whether the above DoS vulnerabilities ought to be fixed in the 5-STABLE branch?
--
-Chuck
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: What about BIND 9.3.4 in FreeBSD in base system ?
- From: Colin Percival
- Re: What about BIND 9.3.4 in FreeBSD in base system ?
- From: Doug Barton
- Re: What about BIND 9.3.4 in FreeBSD in base system ?
- References:
- Re: What about BIND 9.3.4 in FreeBSD in base system ?
- From: Doug Barton
- Re: What about BIND 9.3.4 in FreeBSD in base system ?
- Prev by Date: Re: What about BIND 9.3.4 in FreeBSD in base system ?
- Next by Date: Re: What about BIND 9.3.4 in FreeBSD in base system ?
- Previous by thread: Re: What about BIND 9.3.4 in FreeBSD in base system ?
- Next by thread: Re: What about BIND 9.3.4 in FreeBSD in base system ?
- Index(es):
Relevant Pages
|
|
