Re: new bind security bug? Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-11:02.bind

On 07/07/2011 19:00, Josh Carroll wrote:
On Jul 7, 2011 6:40 PM, "Glen Barber" <glen.j.barber@xxxxxxxxx> wrote:

On 7/7/11 8:43 PM, Michael Scheidell wrote:

The high-severity vulnerability in many versions of the BIND software
has the effect of causing the BIND server to exit when it receives a
specially formatted packet. The ISC said that although it isn't aware of
any public exploits for the bug, it still recommends that organizations
upgrade to one of the newer versions of BIND, which include
9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.


Are there plans to update 8.2-RELEASE as well?

By definition, no. A -RELEASE branch is carved in stone the moment it's
cut. If you're referring to whether or not there will be an 8.2-p*
branch for this change, that's up to the security officer.

Meanwhile my default response is still/always to upgrade to latest ports



Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :)

freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"