[Aargh, ISC has done it again -- kept quiet about vulnerabilities in BIND and only revealed them late and sneakily. Anyway, please upgrade BIND/named as soon as a new version is available from your vendor -- Raju]
This is an RFC 1153 digest. (1 message) ---------------------------------------------------------------------- Message-ID: <[EMAIL PROTECTED]> From: John <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: BIND 9.2.2 Vulnerabilities? Date: Tue, 4 Mar 2003 13:04:20 -0600 (CST) The ISC website lists the following as of today: http://www.isc.org/products/BIND/bind-security.html "ISC has discovered or has been notified of several bugs which can result in vulnerabilities of varying levels of severity in BIND as distributed by ISC. Upgrading to BIND version 9.2.2 is strongly recommended. If you cannot upgrade, BIND 8.3.4, 8.2.7, and 4.9.11 are available." 9.2.2 apparently was just released yesterday though I've seen no discussion about any specific vulnerabilities. The matrix at the bottom of the list shows two vulnerabilities, one with openssl, the other with libbind. Can anyone elaborate on what's happened here? I susbscribe to the BIND mailing list and haven't heard anything about this issue. Thx ------------------------------ End of this Digest ****************** -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ It is the mind that moves ================================================ To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject header. Check archives at http://www.mail-archive.com/ilugd%40wpaa.org
