David Coulthart wrote:
> On Jan 19, 2010, at 12:28 PM, Evan Hunt wrote:
>> BIND 9.6.1-P3 is a SECURITY PATCH for BIND 9.6.1. It addresses two
>> potential cache poisoning vulnerabilities, both of which could allow
>> a validating recursive nameserver to cache data which had not been
>> authenticat
On Jan 19, 2010, at 12:28 PM, Evan Hunt wrote:
BIND 9.6.1-P3 is a SECURITY PATCH for BIND 9.6.1. It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.
Do these vulne
> But the CHANGES files list *three* security fixes (2827, 2828 & 2831),
> none of which seem to be superficially the "same" vulnerability. So is
> the "two" above a mistake?
There are two vulnerabilities (see the CERT advisories). One of them, we
thought we'd fixed it, then we noticed something
These announcements for BIND 9.4.3-P5, 9.5.1-P2 and 9.6.1-P3 say
BIND 9.x.x-Px is a SECURITY PATCH for BIND 9.x.x. It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invali
BIND 9.6.1-P3 is now available.
BIND 9.6.1-P3 is a SECURITY PATCH for BIND 9.6.1. It addresses two
potential cache poisoning vulnerabilities, both of which could allow
a validating recursive nameserver to cache data which had not been
authenticated or was invalid.
B
5 matches
Mail list logo