Date: Wed, 25 Jul 2007 01:46:36 +0200 From: "Simon L. Nielsen" <info@plot.uz> To: FreeBSD Questions <freebsd-questions@freebsd.org>, freebsd-security@FreeBSD.org Cc: FreeBSD Security Team <security-team@FreeBSD.org>, Jeffrey Goldberg <jeffrey@goldmark.org> Subject: Re: Waiting for BIND security announcement Message-ID: <20070724234636.GA6738@zaphod.nitro.dk> In-Reply-To: <ADFAAD97-8DF7-4589-8046-843F7F36A600@goldmark.org> References: <ADFAAD97-8DF7-4589-8046-843F7F36A600@goldmark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable [freebsd-security@ CC'ed to avoid answering the same there again shorly :) - if following up, please drop either freebsd-questions or freebsd-securiy to avoid "spamming" both lists] On 2007.07.24 18:15:43 -0500, Jeffrey Goldberg wrote: > As I'm sure many people know there is a newly discovered BIND vulnerabili= ty=20 > allowing cache injection (pharming). See >=20 > http://www.isc.org/index.pl?/sw/bind/bind-security.php >=20 > for details. >=20 > The version of bind on 6.2, 9.3.3, looks like it is vulnerable (along wit= h=20 > many other versions). It's not particularly an issue for me since my nam= e=20 > servers aren't publicly queryable, but I am curios about how things like= =20 > security problems in > src/contrib get handled in FreeBSD. Yes, the FreeBSD Security Team and the FreeBSD BIND maintainer are aware of the issue and are working on fixing it in FreeBSD as soon as possible. More details about the issue can be found at: http://www.isc.org/sw/bind/bind-security.php . Our general security handling policies can be found at: http://security.FreeBSD.org/ . --=20 Simon L. Nielsen FreeBSD Deputy Security Officer --CE+1k2dSO48ffgeK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFGpo9cBJx0gP90kKsRAmOJAJ9Z5JepxUgI7J71CSp5ujQPVPNjTQCdGl3T yHN5mMu1zKojJwDDzGSV9Bw= =sEQS -----END PGP SIGNATURE----- --CE+1k2dSO48ffgeK--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070724234636.GA6738>