What about BIND 9.3.4 in FreeBSD in base system ?
Chuck Swiger
cswiger at mac.com
Thu Feb 1 20:58:55 UTC 2007
Doug Barton wrote:
> Chris Marlatt wrote:
[ ... ]
> Yes, but whether a full upgrade is needed for "support" or not depends
> on your definition. Given that FreeBSD is not vulnerable to these issues
> in its default configuration, one could easily argue that an upgrade for
> RELENG_5 isn't necessary.
I've been bitten by CVE-2006-4096, and have applied the workaround to limit
the # of outstanding queries. I've got two nameservers tracking 5-STABLE
which were vulnerable to CVE-2006-4095, and I have no doubt that there are
other people besides me who will be affected by CVE-2007-0493.
I'm starting to feel thankful that my important domains include off-site
secondaries which are running djbdns.
Does the FreeBSD security team have a position with regard to whether the
above DoS vulnerabilities ought to be fixed in the 5-STABLE branch?
--
-Chuck
More information about the freebsd-security
mailing list