From owner-freebsd-security Mon Jan 29 9:21:34 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
    by hub.freebsd.org (Postfix) with ESMTP id 2342137B402;
    Mon, 29 Jan 2001 09:21:14 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
    by fledge.watson.org (8.11.1/8.11.1) with SMTP id f0THKtB17653;
    Mon, 29 Jan 2001 12:20:55 -0500 (EST)
    (envelope-from robert@fledge.watson.org)
Date: Mon, 29 Jan 2001 12:20:55 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Igor Roshchin
Cc: security@freebsd.org, security-officer@freebsd.org, asmodai@freebsd.org
Subject: Re: Bind: FreeBSD-SA-01:10 and CERT Advisory CA-2001-02
In-Reply-To: <200101291629.LAA76025@giganda.komkon.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> To the security officers: http://www.freebsd.org/security/#adv does not
> show any advisories on bind, except the one mentioned above. Will there
> be any advisory addressing the problem mentioned by the CERT advisory in
> regards to the older versions of FreeBSD (and BIND packaged with them)?

I won't attempt to address the other issues in your e-mail, leaving them to Kris, as I'm not familiar with them, but I can address the concern of the most recent BIND8 vulnerabilities.

We were made aware of the CERT advisory before its release, but were waiting for the new 8.2.3 release to be made before importing it into the tree (the final pre-release did not include the fix, although that's what is in -STABLE I believe). The release has now been made, and 8.2.3 has been imported into the FreeBSD contrib tree. 5.0-CURRENT now uses 8.2.3 by default as of last night or this morning, and as soon as the testing is done on 4.2-STABLE, it will be enabled there also. The BIND8 maintainer for FreeBSD has assured me that the integration into -STABLE will be done sometime this evening, meaning we can push out an advisory in the next day or so (once testing is done, etc). Given that the maintainer has also been working on the RELENG_3 branch, I would imagine that the fix will also be made on that branch. I do not know what the plans are with regards to RELENG_2.

I will talk to the maintainer about what is involved to assemble appropriate instructions to upgrade release machines as opposed to -STABLE branch machines. As this is a sizable update (import of an entire version of BIND), those instructions may be non-trivial in length. It may be that we want to assemble a tarball of the updated files to drop on a 4.2-RELEASE src/ tree.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message