Date: Wed, 20 Nov 1996 09:50:09 -0800 From: Paul Traina <pst@shockwave.com> To: Tom Fischer <tfischer@panoramix.rain.fr> Cc: FreeBSD Security Officer <security-officer@freebsd.org>, freebsd-security@freebsd.org Subject: Re: Serious BIND resolver problem. (fwd) Message-ID: <199611201750.JAA20913@precipice.shockwave.com> In-Reply-To: Your message of "Wed, 20 Nov 1996 09:19:40 GMT." <3292CD2C.41C67EA6@panoramix.rain.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
From: Tom Fischer <tfischer@panoramix.rain.fr> Subject: Re: Serious BIND resolver problem. (fwd) Hello, "quietly fixed?" I'm not too sure I like the sound of that. I'm running 2.1.0-Release, installed off the January 1996 cdrom on several systems. I'm installed all of the patches, etc., that were available on ftp://freebsd.org/pub/CERT/patches, and I don't remember anything about this problem (apparently, obviously). We normally do full disclosure on security bug reports, this was an exception. My question is: Do I need to do something to my libc library? Yes. As I understand it, 2.1R from the cd is not the same thing as 2.1 -stable... or am I wrong? If you're running 2.1R, you've got so many bloody security holes it's not funny. If you allow "untrusted" users on your machine, my advice is to upgrade to 2.1.6 or 2.1-stable (nearly the same thing) without delay.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611201750.JAA20913>