BIND 9.2.2 Vulnerabilities?

From: John (bugtraqat_private)
Date: Tue Mar 04 2003 - 11:04:20 PST

Next message: Jon Larabee: "Sendmail testing tool."

Previous message: David Huecking: "Re: Sendmail testing tool."
Next in thread: David Kennedy CISSP: "Re: BIND 9.2.2 Vulnerabilities?"
Reply: David Kennedy CISSP: "Re: BIND 9.2.2 Vulnerabilities?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The ISC website lists the following as of today:

http://www.isc.org/products/BIND/bind-security.html

"ISC has discovered or has been notified of several bugs which can result 
in vulnerabilities of varying levels of severity in BIND as distributed by 
ISC. Upgrading to BIND version 9.2.2 is strongly recommended. If you 
cannot upgrade, BIND 8.3.4, 8.2.7, and 4.9.11 are available."

9.2.2 apparently was just released yesterday though I've seen no 
discussion about any specific vulnerabilities.

The matrix at the bottom of the list shows two vulnerabilities, one with 
openssl, the other with libbind.

Can anyone elaborate on what's happened here?  I susbscribe to the BIND 
mailing list and haven't heard anything about this issue.

Thx

Next message: Jon Larabee: "Sendmail testing tool."
Previous message: David Huecking: "Re: Sendmail testing tool."
Next in thread: David Kennedy CISSP: "Re: BIND 9.2.2 Vulnerabilities?"
Reply: David Kennedy CISSP: "Re: BIND 9.2.2 Vulnerabilities?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Mar 04 2003 - 12:57:35 PST