From owner-freebsd-security Mon Jan 29 13:27:22 2001 Delivered-To: freebsd-security@freebsd.org Received: from virtual.sysadmin-inc.com (lists.sysadmin-inc.com [209.16.228.140]) by hub.freebsd.org (Postfix) with ESMTP id A792737B698 for ; Mon, 29 Jan 2001 13:27:00 -0800 (PST) Received: from wkst (virtual2.sysadmin-inc.com [209.16.228.145]) by virtual.sysadmin-inc.com (8.9.1/8.9.1) with SMTP id QAA22201 for ; Mon, 29 Jan 2001 16:27:21 -0500 Reply-To: From: "Peter Brezny" To: Subject: RE: [COVERT-2001-01] Multiple Vulnerabilities in BIND - FreeBSD Implications ? Date: Mon, 29 Jan 2001 16:25:57 -0500 Message-ID: <005901c08a3a$121869e0$46010a0a@sysadmininc.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <20010129124450.A26735@xor.obsecurity.org> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org named -v on my 4.2-stable system reports 8.2.3-T6B From the advisory I was under the impression that this one was ok. Did I miss something? Peter Brezny SysAdmin Services Inc. -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Kris Kennaway Sent: Monday, January 29, 2001 3:45 PM To: Si. Cc: freebsd-security@FreeBSD.ORG Subject: Re: [COVERT-2001-01] Multiple Vulnerabilities in BIND - FreeBSD Implications ? On Mon, Jan 29, 2001 at 07:55:44PM +0000, Si. wrote: > 1) The nice people ISC. > 2) The nice people at freebsd-security, i.e. Kris and his team ? It's fixed in BIND 8.2.3, which is being imported into 4.x and 3.x as we speak (it's already in -current). I had hoped to have it done by the time the advisories were released, but circumstances conspired to prevent it. The timing of our advisory 01:10 last week has potential for confusion, but that does not relate to these recent bugs. We hope to have a new advisory out in a couple of days, but in the meantime everyone is urged to upgrade to 4.2-STABLE or 3.5-STABLE once the upgrades are in, or switch to the bind8 port (also not yet updated). I'll drop another note when the relevant upgrades are in place. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message