Re: new bind security bug? Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-11:02.bind



On 07/07/2011 19:00, Josh Carroll wrote:
On Jul 7, 2011 6:40 PM, "Glen Barber" <glen.j.barber@xxxxxxxxx> wrote:

On 7/7/11 8:43 PM, Michael Scheidell wrote:
http://threatpost.com/en_us/blogs/new-bind-release-fixes-high-severity-remote-bugs-070611



The high-severity vulnerability in many versions of the BIND software
has the effect of causing the BIND server to exit when it receives a
specially formatted packet. The ISC said that although it isn't aware of
any public exploits for the bug, it still recommends that organizations
upgrade to one of the newer versions of BIND, which include
9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.


See:

http://svnweb.freebsd.org/base?view=revision&revision=223815


Are there plans to update 8.2-RELEASE as well?

By definition, no. A -RELEASE branch is carved in stone the moment it's
cut. If you're referring to whether or not there will be an 8.2-p*
branch for this change, that's up to the security officer.

Meanwhile my default response is still/always to upgrade to latest ports
version.


Doug

--

Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"


