Re: 8-STABLE base BIND version number typo ?
On 27 August 2012 10:11, Damien Fleuriot m...@my.gd wrote:

> Hello list,
>
> We're currently running Nessus PCI DSS scans on our infrastructure to
> eliminate known vulnerabilities and problems.
>
> The scan reports that my version of BIND is vulnerable to exploits I
> *know* it isn't.
>
> The problem, to me, seems to be with the version number as reported by
> named -V :
>
> BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'
>
> (notice the .- notation)
>
> This is the base's BIND running on 8.3-STABLE 64 bits compiled and
> built on 22/08/12 :
>
> FreeBSD pf1-dmz-gs.[snip] 8.3-STABLE FreeBSD 8.3-STABLE #2: Wed Aug 22 10:41:47 CEST 2012
>
> I have verified that building the exact same version from the ports, at
> /usr/ports/dns/bind96, yields the correct version number, and the
> vulnerabilities are no longer reported by the scan, which uses BIND's
> version number as a reference.
>
> Has anyone else noticed the same oddity, that I might file a PR ?

Hello list,

I seem to have seen no replies.

Would anyone kindly confirm they've got the same problem so we can get a PR filed ?

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: 8-STABLE base BIND version number typo ?
> I seem to have seen no replies.
>
> Would anyone kindly confirm they've got the same problem so we can get
> a PR filed ?

# named -V
BIND 9.6.-ESV-R5-P1 built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'

# uname -a
FreeBSD xxx.xx 8.3-RELEASE-p3 FreeBSD 8.3-RELEASE-p3 #0: Mon Jun 11 23:52:38 UTC 2012 r...@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
8-STABLE base BIND version number typo ?
Hello list,

We're currently running Nessus PCI DSS scans on our infrastructure to eliminate known vulnerabilities and problems.

The scan reports that my version of BIND is vulnerable to exploits I *know* it isn't.

The problem, to me, seems to be with the version number as reported by named -V :

BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'

(notice the .- notation)

This is the base's BIND running on 8.3-STABLE 64 bits compiled and built on 22/08/12 :

FreeBSD pf1-dmz-gs.[snip] 8.3-STABLE FreeBSD 8.3-STABLE #2: Wed Aug 22 10:41:47 CEST 2012

I have verified that building the exact same version from the ports, at /usr/ports/dns/bind96, yields the correct version number, and the vulnerabilities are no longer reported by the scan, which uses BIND's version number as a reference.

Has anyone else noticed the same oddity, that I might file a PR ?
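A pre-scan check for the malformed banner discussed in this thread, as an added example (not code from the posters, FreeBSD or ISC): it parses the first line of `named -V`, flags an empty patch component such as `9.6.-ESV-R7-P2`, and returns the normalized string so a version-based finding can be triaged. It assumes the well-formed layout is `MAJOR.MINOR[.PATCH][-ESV][-Rn][-Pn]`; all function and class names are hypothetical, and the sample banners are constructed from the strings quoted above.

```python
import re
from typing import NamedTuple, Optional

# Assumed well-formed layout: MAJOR.MINOR[.PATCH][-ESV][-Rn][-Pn]
STRICT = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(-ESV)?(?:-R(\d+))?(?:-P(\d+))?$")
# Tolerant layout: additionally accepts an empty patch field ("9.6.-ESV-...").
TOLERANT = re.compile(r"^(\d+)\.(\d+)(?:\.(\d*))?(-ESV)?(?:-R(\d+))?(?:-P(\d+))?$")


class BindVersion(NamedTuple):
    raw: str          # version token exactly as printed by named -V
    well_formed: bool  # True only if the token matches the strict layout
    key: tuple        # sortable (major, minor, patch, release, patchlevel)
    normalized: str   # token rebuilt without the stray dot


def parse_banner(banner: str) -> Optional[BindVersion]:
    """Parse the first line of `named -V` output ("BIND <version> built ...")."""
    m = re.match(r"\s*BIND\s+(\S+)", banner)
    t = TOLERANT.match(m.group(1)) if m else None
    if not t:
        return None
    major, minor, patch, esv, rel, pl = t.groups()
    key = (int(major), int(minor), int(patch or 0), int(rel or 0), int(pl or 0))
    normalized = f"{major}.{minor}" + (f".{patch}" if patch else "") + (esv or "")
    normalized += (f"-R{rel}" if rel else "") + (f"-P{pl}" if pl else "")
    return BindVersion(m.group(1), bool(STRICT.match(m.group(1))), key, normalized)


def audit(banners):
    """Return (raw, normalized) for every banner a strict matcher would reject."""
    parsed = (parse_banner(b) for b in banners)
    return [(v.raw, v.normalized) for v in parsed if v and not v.well_formed]


# Constructed sample input: the two base-system strings from the thread plus
# the assumed well-formed spelling of the first one.
SAMPLES = [
    "BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr'",
    "BIND 9.6.-ESV-R5-P1 built with '--prefix=/usr'",
    "BIND 9.6-ESV-R7-P2 built with '--prefix=/usr'",
]

if __name__ == "__main__":
    for raw, fixed in audit(SAMPLES):
        print(f"malformed banner {raw!r}; same release as {fixed!r}")
```

A finding raised only for hosts that `audit` lists is a candidate false positive caused by the banner format, and should be confirmed against the installed source or package version rather than the banner.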