Date: Tue, 30 Jan 2001 06:06:14 +0300 From: Solar Designer <solar@...nwall.com> To: announce@...ts.openwall.com Subject: BIND 4.9.7-OW5 and 4.9.8-OW1 Hi, COVERT Labs at PGP Security has published a security advisory on a number of BIND vulnerabilities: http://www.pgp.com/research/covert/advisories/047.asp I've released updated versions of the BIND 4.9.x patches (which make it run as a non-root user and chrooted) that include the new fixes. The BIND 4.9.7-OW5 patch contains fixes for the two most critical vulnerabilities (known as "infoleak" and "complain bug") that affect BIND 4.9.7. Older released versions of the BIND 4.9.7-OW patches didn't include these fixes and should be upgraded to at least 4.9.7-OW5 (the -OW patches, when used properly, reduced the impact of the "complain bug" vulnerability, though). The BIND 4.9.8-OW1 patch no longer needs the "infoleak" and "complain bug" fixes (as these bugs are fixed in the 4.9.8 release), but adds a back-port of two fixes from BIND 8.2.2-P3+ (to the "naptr" and "maxdname" bugs, which are believed to be relatively minor and thus were not fixed in deprecated BIND versions including BIND 4). -- /sd
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.