From owner-freebsd-security Sat Jun 29 11:35:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 489DA37B400 for ; Sat, 29 Jun 2002 11:35:16 -0700 (PDT) Received: from lariat.org (lariat.org [63.229.157.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 608A243E09 for ; Sat, 29 Jun 2002 11:35:15 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id MAA12630; Sat, 29 Jun 2002 12:35:03 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20020629123101.02ed2df0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Sat, 29 Jun 2002 12:34:55 -0600 To: Mark.Andrews@isc.org From: Brett Glass Subject: Re: libc flaw: BIND 9 closes most holes but also opens one Cc: security@FreeBSD.ORG In-Reply-To: <200206290335.g5T3ZUm0059814@drugs.dv.isc.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 09:35 PM 6/28/2002, Mark.Andrews@isc.org wrote: > Firstly lib/bind is *not* built by default. You have to > explictly build it with "configure --enable-libbind". If that's so, you may still have an old libbind on your system which is vulnerable. ONLY the libbind from 8.3.3 is immune. > "libbind" is a *copy* of BIND 8's libbind which *is* fixed > in 8.2.6 and 8.3.3. Only in 8.3.3, according to ISC. BIND 9.2.1's libbind is not fixed. See http://www.cert.org/advisories/CA-2002-19.html --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message