Re: What about BIND 9.3.4 in FreeBSD in base system ?




Chris Marlatt wrote:
Doug Barton wrote:

plan to MFC it after 4 or 5 days. I am actually considering only
MFC'ing it to RELENG_6 to help provide some incentive for those on 5.x
to upgrade.


One would assume that the release would be supported up until the EOL
provided on freebsd.org of May 31, 2008.

Yes, but whether a full upgrade is needed for "support" or not depends
on your definition. Given that FreeBSD is not vulnerable to these
issues in its default configuration, one could easily argue that an
upgrade for RELENG_5 isn't necessary.

Doug

The subject here is 9.3.4. All the issues raised
in this thread so far were addressed as of 9.3.2-P2
/ 9.3.3. To the best of my knowledge these have
already been addresed.

There are two new issue for 9.3.4.

CVE-2007-0494 which is only a problem if you are
doing DNSEC validation.

CVE-2007-0493 which any recursive 9.3.x (x<4) named
is vulnerable.

Mark
--

This .signature sanitized for your protection

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@xxxxxxx
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: ANN: RealThinClient > New upgrade plans ...
    ... plan to release the next RTC SDK version in a week or two. ... Tech support is free for unlimited time, but only for the current version. ... As for the upgrade policy, since there will not be more than 1 major update ... my 50% discount offer on RTC Remote Tools ...
    (borland.public.delphi.thirdpartytools.general)
  • Re: ANN: RealThinClient > New upgrade plans ...
    ... support and upgrade plans from a "year-based subscription" (all ... plan is finished in a short time. ... discounts on major upgrades. ...
    (borland.public.delphi.thirdpartytools.general)
  • Building my first gaming rig - some advice please?
    ... I don't plan to overclock or run an SLI config. ... I may upgrade to a 20". ... I like the P35's that will support DDR3 and Quad Core so that way in ... PSU - I have no idea which PSU to get, but I know I want something ...
    (alt.comp.hardware.pc-homebuilt)
  • Re: statistics NT4
    ... No plan in next ... three months to upgrade. ... "Egbert Nierop" wrote: ... Obviously you're already aware of the support issues surrounding ...
    (microsoft.public.inetserver.iis)
  • SQL 2008 Upgrade Bug
    ... I had a similar situation and after calling MS support it turns out there is a bug in the SISS that will prevent the upgrade of an expired evaluation edition. ... I am not sure if you have unintalled the SQL Server and then reinstalled it. ... In this case I recommend that you contact Microsoft Customer Support Services ...
    (microsoft.public.sqlserver.setup)