Date: Sat, 29 Jun 2002 14:27:38 -0700 From: Doug Barton <DougB@FreeBSD.org> To: Brett Glass <brett@lariat.org> Cc: Mark.Andrews@isc.org, security@FreeBSD.ORG Subject: Re: libc flaw: BIND 9 closes most holes but also opens one Message-ID: <3D1E264A.5463BA96@FreeBSD.org> References: <Your message of "Fri, 28 Jun 2002 16:59:25 CST." <200206282259.QAA03790@lariat.org> <4.3.2.7.2.20020629123101.02ed2df0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Brett Glass wrote: > > At 09:35 PM 6/28/2002, Mark.Andrews@isc.org wrote: > > > Firstly lib/bind is *not* built by default. You have to > > explictly build it with "configure --enable-libbind". > > If that's so, you may still have an old libbind on your system > which is vulnerable. ONLY the libbind from 8.3.3 is immune. > > > "libbind" is a *copy* of BIND 8's libbind which *is* fixed > > in 8.2.6 and 8.3.3. > > Only in 8.3.3, according to ISC. BIND 9.2.1's libbind is not fixed. Brett, The libbind bug is fixed in both 8.2.6, and 8.3.3. Please be more careful to read what is posted before responding. That said, if you are going to run a BIND 8 server, I think you're a lot better off with 8.3.3. But the fix is available for those who can't upgrade, for whatever reason. Thanks, Doug ftp://ftp.isc.org/isc/bind/src/8.2.6/825-826.diff -- "We have known freedom's price. We have shown freedom's power. And in this great conflict, ... we will see freedom's victory." - George W. Bush, President of the United States State of the Union, January 28, 2002 Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D1E264A.5463BA96>