From owner-freebsd-security Wed Nov 20 10:10:06 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA23621 for security-outgoing; Wed, 20 Nov 1996 10:10:06 -0800 (PST) Received: from panoramix.rain.fr (panoramix.rain.fr [194.51.3.136]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA23608 for ; Wed, 20 Nov 1996 10:10:01 -0800 (PST) Received: from panoramix.rain.fr (localhost [127.0.0.1]) by panoramix.rain.fr (8.8.3/8.8.3) with SMTP id TAA15656; Wed, 20 Nov 1996 19:15:56 +0100 (MET) Message-ID: <32934ADB.15FB7483@panoramix.rain.fr> Date: Wed, 20 Nov 1996 18:15:55 +0000 From: Tom Fischer X-Mailer: Mozilla 3.01 (X11; I; FreeBSD 2.1.0-RELEASE i386) MIME-Version: 1.0 To: Paul Traina CC: freebsd-security@freebsd.org Subject: Re: Serious BIND resolver problem. (fwd) References: <199611201750.JAA20913@precipice.shockwave.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hello, Paul Traina warned: > If you're running 2.1R, you've got so many bloody security holes it's > not funny. If you allow "untrusted" users on your machine, my advice > is to upgrade to 2.1.6 or 2.1-stable (nearly the same thing) without delay. thanks for the advice, but I was hoping to delay this until 2.2R came out (in two months, supposedly). The security holes that I know about, and did something about are: mount_union, mount_msdos, man... suidperl iijppp rdist... Aside from this new libc thing, you're telling me that there are others as well? Is there an easy way to fix the libc problem while I wait for 2.2R? thanks, tom tfischer@rain.fr