Dmitry A Grigorovich
2007-Jan-30 05:04 UTC
What about BIND 9.3.4 in FreeBSD in base system ?
http://www.isc.org/sw/bind/view/?release=9.3.4
SECURITY ADVISORIES
* CVE-2006-4095
CERT Vulnerability Note VU#915404
NISCC 172003
* CVE-2006-4096
CERT Vulnerability Note VU#697164
NISCC 172003
* CAN-2005-0034
NISCC-UNIRAS 20050125-00059
CERT Vulnerability Note VU#938617
[ODiP] == Dmitry Grigorovich
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The bind9 port was updated the same day that the code and security
advisory were released, so users who are actually vulnerable to these
issues can update immediately. I imported 9.3.4 into HEAD today, and
plan to MFC it after 4 or 5 days. I am actually considering only
MFC'ing it to RELENG_6 to help provide some incentive for those on 5.x
to upgrade.
Of the 3 advisories, 2 are only problems for those that run with
DNSSEC validation. The other is only a problem for those that allow
untrusted users access to named configured as a recursive resolver,
and is a DoS vulnerability, not a remote exploit.
As always, if secteam@ asks me to accelerate the MFC schedule I will,
but they haven't said anything to me yet.
hth,
Doug
- --
This .signature sanitized for your protection
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.1 (FreeBSD)
iD8DBQFFvuJ8yIakK9Wy8PsRAkcRAKD4+mN+gUHZzr1QLmIVmcbP7z4UgQCdFqiZ
WUZWQ1WKITsF5ISHV6EXVaA=4T7Y
-----END PGP SIGNATURE-----