Date: Tue, 2 Jul 2002 22:21:46 -0400 From: Peter Radcliffe <pir@pir.net> To: freebsd-security@freebsd.org Subject: Re: CERT Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response Message-ID: <20020703022146.GE9314@pir.net> In-Reply-To: <xzp7kkd8u2m.fsf@flood.ping.uio.no> References: <NEBBIGLHNDFEJMMIEGOOGEHGFCAA.peter@skyrunner.net> <xzpk7od8vwt.fsf@flood.ping.uio.no> <200207030109.g6319Ufb008965@apollo.backplane.com> <xzpbs9p8v8b.fsf@flood.ping.uio.no> <20020703012422.GC9314@pir.net> <xzp7kkd8u2m.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Smorgrav <des@ofug.org> probably said: > They don't use the parts of libbind that contain the bug. They use > low-level functions that return raw DNS records rather than just host > names or IP addresses. and since libbind.a is isn't installed as part of the base OS, just by the port, most people should be ok. Thanks, P. -- pir pir-sig@pir.net pir-sig@net.tufts.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020703022146.GE9314>