Bugtraq mailing list archives
Re: BIND 9.2.2 Vulnerabilities?
From: Albert Sunseri <sunseri () abpi net>
Date: Tue, 4 Mar 2003 15:36:43 -0500
Hi! Yesterday morning I saw no notice whatsover. I downloaded 9.2.1 and upgraded to it. ISC called it a 'bugfix' release. However - I just looked at the CHANGES file for 9.2.2 There are no security notes in the section for 9.2.2 but in the notes for 9.2.2rc1 these appear: 1356. [security] Support patches OpenSSL libraries. http://www.cert.org/advisories/CA-2002-23.html 1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a). http://www.cert.org/advisories/CA-2002-23.html as well as a zillion other changes. Now I have to upgrade all over again :( Should they note that there are security bugs in the current release, or is it my responsibility to read all of the CHNGES files for all the release candidates _before_ I upgrade from one relase to another?????? Did I miss something as well here? -- Information wants to be priceless. Albert Sunseri sunseri () abpi net
The ISC website lists the following as of today: http://www.isc.org/products/BIND/bind-security.html "ISC has discovered or has been notified of several bugs which can result in vulnerabilities of varying levels of severity in BIND as distributed by ISC. Upgrading to BIND version 9.2.2 is strongly recommended. If you cannot upgrade, BIND 8.3.4, 8.2.7, and 4.9.11 are available." 9.2.2 apparently was just released yesterday though I've seen no discussion about any specific vulnerabilities. The matrix at the bottom of the list shows two vulnerabilities, one with openssl, the other with libbind. Can anyone elaborate on what's happened here? I susbscribe to the BIND mailing list and haven't heard anything about this issue. Thx
Current thread:
- BIND 9.2.2 Vulnerabilities? John (Mar 04)
- Re: BIND 9.2.2 Vulnerabilities? Albert Sunseri (Mar 04)
- Re: BIND 9.2.2 Vulnerabilities? David Kennedy CISSP (Mar 04)
- Re: BIND 9.2.2 Vulnerabilities? Gerhard den Hollander (Mar 05)
- Re: BIND 9.2.2 Vulnerabilities? John (Mar 05)
- Re: BIND 9.2.2 Vulnerabilities? Scott Wunsch (Mar 06)
- Re: BIND 9.2.2 Vulnerabilities? Gerhard den Hollander (Mar 05)