cve-2011-2464 affected the 9.4-ESV-R4-P1?

2011-07-05 Thread iharrathi.ext
Hi all,
On the ISC website I don't see that the 9.4-ESV-R4-P1 is affected by 
CVE-2011-2464. Is it because it's not really affected? Or it's affected but I 
don't see it on versions affected because the 9.4-ESV-R4-P1 has its EOL date 
set to Jun 2011?

Thanks.
Issam HARRATHI.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: cve-2011-2464 affected the 9.4-ESV-R4-P1?

2011-07-05 Thread Evan Hunt

> On the ISC website I don't see that the 9.4-ESV-R4-P1 is affected by
> CVE-2011-2464. Is it because it's not really affected? Or it's affected
> but I don't see it on versions affected because the 9.4-ESV-R4-P1 has
> its EOL date set to Jun 2011?

To be very precise with my language:  It is not *exposed*.

The issue has two layers.  First, there's an underlying bug that's been
dormant in our code for a very long time, but there was no way to trigger
it... and, second, there's the trigger.  Actually, there are two separate
triggers: one was introduced in 9.6 and another in 9.7.  Neither of
them is in any version of 9.4.

So, we *will* be releasing 9.4-ESV-R5 soon, and it contains a fix for the
underlying bug.  But we didn't release a patch today because there's no
trigger.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.


Re: cve-2011-2464 affected the 9.4-ESV-R4-P1?

2011-07-05 Thread Mark Andrews

In message 20110705200619.gb99...@isc.org, Evan Hunt writes:
> > On the ISC website I don't see that the 9.4-ESV-R4-P1 is affected by
> > CVE-2011-2464. Is it because it's not really affected? Or it's affected
> > but I don't see it on versions affected because the 9.4-ESV-R4-P1 has
> > its EOL date set to Jun 2011?
>
> To be very precise with my language:  It is not *exposed*.
>
> The issue has two layers.  First, there's an underlying bug that's been
> dormant in our code for a very long time, but there was no way to trigger
> it... and, second, there's the trigger.  Actually, there are two separate
> triggers: one was introduced in 9.6 and another in 9.7.  Neither of
> them is in any version of 9.4.
>
> So, we *will* be releasing 9.4-ESV-R5 soon, and it contains a fix for the
> underlying bug.  But we didn't release a patch today because there's no
> trigger.

Additionally we report if EoL code contains a security vulnerability
even if the only fix is to upgrade to a more recent version.  It
is not in ISC's, nor the public's interest, to leave vulnerable code
out there running.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org