Re: BIND 9.6.1-P3 Vulnerabilities

[Cathy Almond]

On 07/06/11 16:21, Borgia, Joe A CTR USAF AFMC AFRL/RIOS wrote:
 BIND 9.6.1-P3 seems to be a somewhat old release of BIND, and yet, I can
 find no vulnerabilities listed on the ISC Security Advisories pages. Am
 I missing something?

Yes. :-(

https://www.isc.org/software/bind/security/matrix
CVE-2010-3614 - Key algorithm rollover bug in BIND 9
CVE-2010-3613 - cache incorrectly allows an ncache entry and an RRSIG
for the same type
https://www.isc.org/software/bind/advisories/cve-2010-3614
https://www.isc.org/software/bind/advisories/cve-2010-3613

If you did a website search for 9.6.1-P3, you wouldn't have found these
two because the Versions affected: lists a range.

We're trying to list all versions explicitly in newer advisories to make
things a bit clearer - but if a problem affects all BIND9 versions, that
makes it a bit challenging!

We're also pondering on how to make the matrix more readable/useful
without losing the detail that we think people want/need - possibly by
splitting it into several (e.g. 9.8 versions, 9.7 versions and so on).

Hope this helps anyway.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

BIND 9.6.1-P3 Vulnerabilities

[Borgia, Joe A CTR USAF AFMC AFRL/RIOS]

BIND 9.6.1-P3 seems to be a somewhat old release of BIND, and yet, I can
find no vulnerabilities listed on the ISC Security Advisories pages. Am
I missing something?

 

Regards,

Joe

 



Joseph A. Borgia, Jr.

Network Services Team Lead

Team Rome IT - NCI Information Systems

CompTIA - Security+ Certified

Oracle Solaris Certified Professional

U.S. Air Force Research Laboratory/Rome Research Site/RIOS

COMM: 315-330-3952

DSN: 587-3952

FAX: 315-330-8258

 

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users