oss-sec mailing list archives
Re: The Bind incident
From: "Mike O'Connor" <mjo () dojo mi org>
Date: Wed, 6 Jul 2011 05:18:18 -0400
:On Tue, Jul 05, 2011 at 07:17:32PM +0800, Eugene Teo wrote: :> You might have read about AusCert's accidental disclosure of the ISC :> Bind advisories today. If you have more information about this, please :> share. AFAICS, the bind source packages are still not available at the :> ISC website. :> :> https://bugzilla.redhat.com/CVE-2011-2464 :> https://bugzilla.redhat.com/CVE-2011-2465 :> http://risky.biz/auscert-bind :> http://pastebin.com/9NUt8Pk0 : :Here are the ISC advisories: : :http://www.isc.org/software/bind/advisories/cve-2011-2464 :http://www.isc.org/software/bind/advisories/cve-2011-2465 : :The oldest affected version is 9.6'ish, and the advisories explicitly :say that "Other versions of BIND 9 not listed in this advisory are not :vulnerable to this problem." So those of us with older BIND 9 appear to :have nothing to do on this. ;-) (Of course, we might have other/older :issues to patch.) Note that the BIND 9.4 ESV formally EOLed just last month: http://www.isc.org/softwaresupportpolicy So, if you are distributing an older rev of BIND and some new security issue comes up that you are prone to, it _might_ not be quite as easy to backport the fixes. -- Michael J. O'Connor mjo () dojo mi org =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= "Gravity was invented by Isaac Walton." -Anguished English
Attachment:
_bin
Description:
Current thread:
- The Bind incident Eugene Teo (Jul 05)
- Re: The Bind incident Eugene Teo (Jul 05)
- Re: The Bind incident Barry Greene (Jul 06)
- Re: The Bind incident Eugene Teo (Jul 07)
- Re: The Bind incident Barry Greene (Jul 06)
- Re: The Bind incident Solar Designer (Jul 05)
- Re: The Bind incident Mike O'Connor (Jul 06)
- Re: The Bind incident Florian Weimer (Jul 06)
- Re: The Bind incident Mike O'Connor (Jul 06)
- Re: The Bind incident Eugene Teo (Jul 05)