Date: Sun, 20 Jul 2008 08:15:55 -1000
From: Clifton Royston
To: Brett Glass
Cc: stable@freebsd.org
Subject: Re: FreeBSD 7.1 and BIND exploit
Message-ID: <20080720181554.GA5405@lava.net>
In-Reply-To: <200807200230.UAA17164@lariat.net>

On Sat, Jul 19, 2008 at 08:30:57PM -0600, Brett Glass wrote:
> Everyone:
>
> Will FreeBSD 7.1 be released in time to use it as an upgrade to
> close the BIND cache poisoning hole? We'd like to upgrade affected
> servers to the latest FreeBSD at the same time that we upgrade
> BIND if possible.

Given that 7.1 and 6.4 are still listed as "August" in the RE page, and things often slip a bit as the date approaches, I'd say you'd be well-advised not to wait. Assuming you're running 7.0 or 6.3, upgrade to the latest _RELENG patch which is much less work than a full version upgrade.

My opinion only. I'm not a developer, and I'm not running any recursive resolvers on BIND these days; my limited set of machines are running djbdns instead, so I have more flexibility.

  -- Clifton

--
Clifton Royston -- cliftonr@iandicomputing.com / cliftonr@lava.net
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services