Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: The Bind incident
From: "Mike O'Connor" <mjo () dojo mi org>
Date: Wed, 6 Jul 2011 05:18:18 -0400

:On Tue, Jul 05, 2011 at 07:17:32PM +0800, Eugene Teo wrote:
:> You might have read about AusCert's accidental disclosure of the ISC
:> Bind advisories today. If you have more information about this, please
:> share. AFAICS, the bind source packages are still not available at the
:> ISC website.
:> 
:> https://bugzilla.redhat.com/CVE-2011-2464
:> https://bugzilla.redhat.com/CVE-2011-2465
:> http://risky.biz/auscert-bind
:> http://pastebin.com/9NUt8Pk0
:
:Here are the ISC advisories:
:
:http://www.isc.org/software/bind/advisories/cve-2011-2464
:http://www.isc.org/software/bind/advisories/cve-2011-2465
:
:The oldest affected version is 9.6'ish, and the advisories explicitly
:say that "Other versions of BIND 9 not listed in this advisory are not
:vulnerable to this problem."  So those of us with older BIND 9 appear to
:have nothing to do on this. ;-)  (Of course, we might have other/older
:issues to patch.)

Note that the BIND 9.4 ESV formally EOLed just last month:

http://www.isc.org/softwaresupportpolicy

So, if you are distributing an older rev of BIND and some new security
issue comes up that you are prone to, it _might_ not be quite as easy to
backport the fixes.

-- 
 Michael J. O'Connor                                          mjo () dojo mi org
 =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--=
"Gravity was invented by Isaac Walton."                    -Anguished English

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]