Re: Waiting for BIND security announcement
- From: "Simon L. Nielsen" <simon@xxxxxxxxxxx>
- Date: Wed, 25 Jul 2007 01:46:36 +0200
[freebsd-security@ CC'ed to avoid answering the same there again
shorly :) - if following up, please drop either freebsd-questions or
freebsd-securiy to avoid "spamming" both lists]
On 2007.07.24 18:15:43 -0500, Jeffrey Goldberg wrote:
As I'm sure many people know there is a newly discovered BIND vulnerability
allowing cache injection (pharming). See
http://www.isc.org/index.pl?/sw/bind/bind-security.php
for details.
The version of bind on 6.2, 9.3.3, looks like it is vulnerable (along with
many other versions). It's not particularly an issue for me since my name
servers aren't publicly queryable, but I am curios about how things like
security problems in
src/contrib get handled in FreeBSD.
Yes, the FreeBSD Security Team and the FreeBSD BIND maintainer are
aware of the issue and are working on fixing it in FreeBSD as soon as
possible.
More details about the issue can be found at:
http://www.isc.org/sw/bind/bind-security.php .
Our general security handling policies can be found at:
http://security.FreeBSD.org/ .
--
Simon L. Nielsen
FreeBSD Deputy Security Officer
Attachment:
pgpnq5d9cNliW.pgp
Description: PGP signature
- Follow-Ups:
- Re: Waiting for BIND security announcement
- From: Doug Barton
- Re: Waiting for BIND security announcement
- Prev by Date: Re: sudo + pam_lastlog causes user to appear logged out in logs.
- Next by Date: Re: Waiting for BIND security announcement
- Previous by thread: sudo + pam_lastlog causes user to appear logged out in logs.
- Next by thread: Re: Waiting for BIND security announcement
- Index(es):
Relevant Pages
|
|
