Home page logo

oss-sec logo oss-sec mailing list archives

Re: The Bind incident
From: "Mike O'Connor" <mjo () dojo mi org>
Date: Wed, 6 Jul 2011 05:18:18 -0400

:On Tue, Jul 05, 2011 at 07:17:32PM +0800, Eugene Teo wrote:
:> You might have read about AusCert's accidental disclosure of the ISC
:> Bind advisories today. If you have more information about this, please
:> share. AFAICS, the bind source packages are still not available at the
:> ISC website.
:> https://bugzilla.redhat.com/CVE-2011-2464
:> https://bugzilla.redhat.com/CVE-2011-2465
:> http://risky.biz/auscert-bind
:> http://pastebin.com/9NUt8Pk0
:Here are the ISC advisories:
:The oldest affected version is 9.6'ish, and the advisories explicitly
:say that "Other versions of BIND 9 not listed in this advisory are not
:vulnerable to this problem."  So those of us with older BIND 9 appear to
:have nothing to do on this. ;-)  (Of course, we might have other/older
:issues to patch.)

Note that the BIND 9.4 ESV formally EOLed just last month:


So, if you are distributing an older rev of BIND and some new security
issue comes up that you are prone to, it _might_ not be quite as easy to
backport the fixes.

 Michael J. O'Connor                                          mjo () dojo mi org
"Gravity was invented by Isaac Walton."                    -Anguished English

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]