Re: BIND 9.2.2 Vulnerabilities?

[David Kennedy CISSP <david.kennedy () acm org>]

At 01:04 PM 3/4/03 -0600, John wrote:

Heavily edited from the bind-announce message:

>>>>
> To: bind-announce () isc org
> From: Mark_Andrews () isc org
> Subject: BIND 9.2.2 is now available.
> Date: Tue, 04 Mar 2003 12:51:37 +1100
> List-Id: <bind-announce.isc.org>
>
>
> BIND 9.2.2 is now available.  This is a maintenance release of BIND  9.2.
> It contains no new features.
>
> BIND 9.2.2 can be downloaded from
>
> ftp://ftp.isc.org/isc/bind9/9.2.2/bind-9.2.2.tar.gz
>
> The PGP signature of the distribution is at
>
> ftp://ftp.isc.org/isc/bind9/9.2.2/bind-9.2.2.tar.gz.asc
>
> The signature was generated with the ISC public key, which is
> available at <http://www.isc.org/ISC/isckey.txt>.
>
> A list of changes made since 9.2.0 follows.  For earlier changes,
> see the file CHANGES in the distribution.
>
>
> 1356.	[security]	Support patches OpenSSL libraries.
> http://www.cert.org/advisories/CA-2002-23.html
> 1349.	[security]	Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
> http://www.cert.org/advisories/CA-2002-23.html
> 1318.	[bug]		libbind: Remote buffer overrun.
<<<<

(many non-security fixes/bug edited out by DMK)



-- 
Regards,

David Kennedy CISSP                         /"\
Director of Research Services,              \ / ASCII Ribbon Campaign
TruSecure Corp. http://www.trusecure.com     X  Against HTML Mail
Protect what you connect;                   / \
Look both ways before crossing the Net.