From owner-freebsd-security  Mon Jan 29 12:44:42 2001
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.org (adsl-64-169-104-72.dsl.lsan03.pacbell.net [64.169.104.72])
	by hub.freebsd.org (Postfix) with ESMTP id B5FD337B400
	for <freebsd-security@FreeBSD.ORG>; Mon, 29 Jan 2001 12:44:20 -0800 (PST)
Received: by obsecurity.org (Postfix, from userid 1000)
	id E59FEBA2AF; Mon, 29 Jan 2001 12:44:50 -0800 (PST)
Date: Mon, 29 Jan 2001 12:44:50 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: "Si." <si@chemicalterrorism.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: [COVERT-2001-01] Multiple Vulnerabilities in BIND - FreeBSD Implications ?
Message-ID: <20010129124450.A26735@xor.obsecurity.org>
References: <01C089BD.2D821D20@w240.z064220178.sjc-ca.dsl.cnc.net> <IOEDLFEIFKOCCKPLMKOMOEOKDJAA.si@chemicalterrorism.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="+QahgC5+KEYLbs62"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <IOEDLFEIFKOCCKPLMKOMOEOKDJAA.si@chemicalterrorism.com>; from si@chemicalterrorism.com on Mon, Jan 29, 2001 at 07:55:44PM +0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


--+QahgC5+KEYLbs62
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Jan 29, 2001 at 07:55:44PM +0000, Si. wrote:

> 1) The nice people ISC.
> 2) The nice people at freebsd-security, i.e. Kris and his team ?

It's fixed in BIND 8.2.3, which is being imported into 4.x and 3.x as
we speak (it's already in -current). I had hoped to have it done by
the time the advisories were released, but circumstances conspired to
prevent it.

The timing of our advisory 01:10 last week has potential for
confusion, but that does not relate to these recent bugs. We hope to
have a new advisory out in a couple of days, but in the meantime
everyone is urged to upgrade to 4.2-STABLE or 3.5-STABLE once the
upgrades are in, or switch to the bind8 port (also not yet updated).

I'll drop another note when the relevant upgrades are in place.

Kris

--+QahgC5+KEYLbs62
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6ddZCWry0BWjoQKURAhu2AKDfRfXeDsvxBTcRhJnaa8Z3xmfuMACgybs6
HHhOelG4uNoFi+/AgWaiGwQ=
=XHif
-----END PGP SIGNATURE-----

--+QahgC5+KEYLbs62--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message