Date: Sat, 29 Jun 2002 19:24:02 +0400 From: Solar Designer <solar@...nwall.com> To: announce@...ts.openwall.com Cc: lwn@....net Subject: BIND 4.9.8-OW2 and 4.9.9-OW1 released Hi, Joost Pol of PINE-CERT has discovered a vulnerability in the resolver library code used on *BSD (as well as on a number of other systems, including those based around the GNU C library prior to version 2.1.3) and included with BIND. The vulnerability affects applications and BIND tools that use the vulnerable library code. The BIND DNS server itself (named) is unaffected. You may refer to the CERT advisory for more information: http://www.cert.org/advisories/CA-2002-19.html The BIND 4.9.8-OW2 patch and BIND 4.9.9 release (and thus 4.9.9-OW1) include fixes for this vulnerability, originally developed by Jun-ichiro itojun Hagino of NetBSD. The updated patches are available at the usual place: http://www.openwall.com/bind/ Note that in order to make use of the fixes you need to rebuild all applications that are statically linked against and make use of the BIND-provided resolver routines. No release or branch of Openwall GNU/*/Linux (Owl) is known to be affected, due to Olaf Kirch's fixes for this problem getting into the GNU C library more than two years ago. -- /sd
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.