Date: Sat, 29 Jun 2002 15:47:56 -0600 From: Brett Glass <brett@lariat.org> To: Pete Ehlke <pde@rfc822.net>, security@FreeBSD.ORG Subject: Re: libc flaw: BIND 9 closes most holes but also opens one Message-ID: <4.3.2.7.2.20020629154457.02fafb00@localhost> In-Reply-To: <20020629214312.GA20882@rfc822.net> References: <4.3.2.7.2.20020629153253.02e88ef0@localhost> <200206282259.QAA03790@lariat.org> <4.3.2.7.2.20020629123101.02ed2df0@localhost> <4.3.2.7.2.20020629153253.02e88ef0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
At 03:43 PM 6/29/2002, Pete Ehlke wrote: >Please, Brett. Don't embarass yourself further on this. > >http://marc.theaimsgroup.com/?l=bind-announce&m=102527571007047&w=2 >http://marc.theaimsgroup.com/?l=bind-announce&m=102527570707030&w=2 Embarrass? The page you cite actually proves that I'm correct! It says: >Highlights vs. 8.3.2 > Security Fix libbind. All applications linked against libbind > need to re-linked. What this means is that the only safe version of libbind is 8.3.3. BIND 9.2.1 includes an older version of libbind, and so while its named is not vulnerable (and in fact can be used to shield other machines), its libbind is. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20020629154457.02fafb00>