I already made this comment when the earlier advisory
on bind was issued:
Reference to 4.x is not completely correct (or at least,
confusing) , since 4.0-RELEASE had
earlier, vulnerable version of bind.

Kris, you probably forgot about your intention to correct that part
of the advisory.

Best,

Igor

> From owner-freebsd-securityFreeBSD.ORG Wed Feb 7 14:29:17 2001
> Date: Wed, 7 Feb 2001 11:28:33 -0800 (PST)
> From: FreeBSD Security Advisories <security-advisoriesFreeBSD.ORG>
> To: FreeBSD Security Advisories <security-advisoriesFreeBSD.ORG>
> Subject: FreeBSD Security Advisory: FreeBSD-SA-01:10.bind [REVISED]
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> =============================================================================
> FreeBSD-SA-01:10 Security Advisory
> FreeBSD, Inc.
>
> Topic: bind remote denial of service [REVISED]
>
> Category: core, ports
> Module: bind
> Announced: 2001-01-23
> Revised: 2001-02-07
> Credits: Fabio Pietrosanti <fabioTELEMAIL.IT>
> Affects: FreeBSD 3.x prior to the correction date.
> Ports collection prior to the correction date.
> Corrected: 2000-11-27 (FreeBSD 3.5-STABLE)
> 2001-01-05 (Ports collection)
> Vendor status: Updated version released
> FreeBSD only: NO
>
> 0. Revision History
>
> v1.0 2001-01-23 Initial release
> v1.1 2001-02-07 Rerelease to note the far more serious problems described
> in SA-01:18
>

<..>

>
> All versions of FreeBSD 3.x prior to the correction date including
> 3.5.1-RELEASE are vulnerable to this problem. In addition, the bind8
> port in the ports collection is also vulnerable. FreeBSD 4.x is not
> affected since it contains versions of BIND 8.2.3.
>

<...>

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]