Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Wed, 9 Jul 2008 12:53:55 +0000
From: The Fungi <fungi@...goth.org>
To: oss-security@...ts.openwall.com
Subject: Re: DNS vulnerability: other relevant software

On Wed, Jul 09, 2008 at 02:07:01PM +0200, Matthias Geerdsen wrote:
> looking at some of the DNS related software in our tree, I thought
> it might be nice to keep track of any findings of affected and
> unaffected packages...
[...]

Additionally, Debian has noted (DSA 1605-1) that the GNU libc stub
resolver could benefit from random query source ports as well, but
no patches are currently available to implement this:

http://www.debian.org/security/2008/dsa-1605

-- 
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@...goth.org); IRC(fungi@....yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@...goth.org);
MUD(fungi@...arsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux