Waiting for BIND security announcement
Simon L. Nielsen
info at plot.uz
Wed Jul 25 05:38:56 UTC 2007
[freebsd-security@ CC'ed to avoid answering the same there again
shorly :) - if following up, please drop either freebsd-questions or
freebsd-securiy to avoid "spamming" both lists]
On 2007.07.24 18:15:43 -0500, Jeffrey Goldberg wrote:
> As I'm sure many people know there is a newly discovered BIND vulnerability
> allowing cache injection (pharming). See
>
> http://www.isc.org/index.pl?/sw/bind/bind-security.php
>
> for details.
>
> The version of bind on 6.2, 9.3.3, looks like it is vulnerable (along with
> many other versions). It's not particularly an issue for me since my name
> servers aren't publicly queryable, but I am curios about how things like
> security problems in
> src/contrib get handled in FreeBSD.
Yes, the FreeBSD Security Team and the FreeBSD BIND maintainer are
aware of the issue and are working on fixing it in FreeBSD as soon as
possible.
More details about the issue can be found at:
http://www.isc.org/sw/bind/bind-security.php .
Our general security handling policies can be found at:
http://security.FreeBSD.org/ .
--
Simon L. Nielsen
FreeBSD Deputy Security Officer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20070725/69276a35/attachment-0002.pgp
More information about the freebsd-questions
mailing list