FreeBSD 7.1 and BIND exploit
Doug Barton
dougb at FreeBSD.org
Mon Jul 21 19:14:28 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Brett Glass wrote:
| Everyone:
|
| Will FreeBSD 7.1 be released in time to use it as an upgrade to
| close the BIND cache poisoning hole?
Brett, et al,
I'll make this simple for you. If you have a server that is running
BIND, update BIND now. If you need to use the ports, that's fine, just
do it now. Make sure that you are not specifying a port via any
query-source* options in named.conf, and that any firewall between
your named process and the outside world does keep-state on outgoing
UDP packets.
If you have a system with BIND installed (as it is by default) but you
are NOT running named, you don't need to worry about updating now, but
you should do it "soonish" just in case someone gets a wild hair and
starts up named on that box.
As for the meta-question, FreeBSD is currently operating on a
time-based release schedule, not a feature-based one. And to your
actual question, the answer is no.
hope this helps,
Doug
- --
~ This .signature sanitized for your protection
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
iEYEAREDAAYFAkiE4A0ACgkQyIakK9Wy8PtSWACeN+lmId1jdMF9zGt3v905XEgy
bT8AoJtmWCWRjyXSktaeJ6IHiwJas7Fk
=vtRp
-----END PGP SIGNATURE-----
More information about the freebsd-stable
mailing list