From owner-freebsd-security Wed Nov 20 09:51:38 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id JAA21662 for security-outgoing; Wed, 20 Nov 1996 09:51:38 -0800 (PST)
Received: from precipice.shockwave.com (ppp-206-170-5-61.rdcy01.pacbell.net [206.170.5.61]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id JAA21647; Wed, 20 Nov 1996 09:51:29 -0800 (PST)
Received: from shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.8.2/8.7.3) with ESMTP id JAA20913; Wed, 20 Nov 1996 09:50:09 -0800 (PST)
Message-Id: <199611201750.JAA20913@precipice.shockwave.com>
To: Tom Fischer
cc: FreeBSD Security Officer, freebsd-security@freebsd.org
Subject: Re: Serious BIND resolver problem. (fwd)
In-reply-to: Your message of "Wed, 20 Nov 1996 09:19:40 GMT." <3292CD2C.41C67EA6@panoramix.rain.fr>
Date: Wed, 20 Nov 1996 09:50:09 -0800
From: Paul Traina
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> From: Tom Fischer
> Subject: Re: Serious BIND resolver problem. (fwd)
>
> Hello,
>
> "quietly fixed?" I'm not too sure I like the sound of that. I'm running
> 2.1.0-Release, installed off the January 1996 cdrom on several systems.
> I've installed all of the patches, etc., that were available on
> ftp://freebsd.org/pub/CERT/patches, and I don't remember anything about
> this problem (apparently, obviously).

We normally do full disclosure on security bug reports, this was an exception.

> My question is: Do I need to do something to my libc library?

Yes.

> As I understand it, 2.1R from the cd is not the same thing as 2.1
> -stable... or am I wrong?

If you're running 2.1R, you've got so many bloody security holes it's not funny. If you allow "untrusted" users on your machine, my advice is to upgrade to 2.1.6 or 2.1-stable (nearly the same thing) without delay.