Thank you. -- Jack Tavares
________________________________________ From: ISC Support Staff [support-st...@isc.org] Sent: Tuesday, March 26, 2013 11:08 To: Jack Tavares Cc: bind-us...@isc.org Subject: Re: ISC Security Advisory: CVE-2013-2266: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named On 3/26/13 10:05 AM, Jack Tavares wrote: > > I have a request for clarification: > > The workaround states to rebuild BIND with regexp support disabled. > > And I see new versions of BIND have been released. > Are those versions just a rebuild with regexp support disabled? > Or are they a more comprehensive fix? This question is addressed in the "CVE-2013-2266: FAQ and Supplemental Information" Knowledge Base article, which I encourage everyone to read. https://kb.isc.org/article/AA-00879 Please see specifically the section which begins: "What is the difference between deploying the patched versions of BIND versus implementing the documented workaround?" Thanks, Michael McNally ISC Support _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
