Security fix to Bind-9.2.8/Bind-9.3.4

Stephen John Smoogen smooge at gmail.com
Mon Jan 29 15:58:53 UTC 2007


On 1/29/07, Lubomir Kundrak <lkundrak at redhat.com> wrote:
> Hi Stephen,
>
> On Fri, 2007-01-26 at 18:20 -0700, Stephen John Smoogen wrote:
> >       --- 9.3.4 released ---
> >
> > 2126. [security]      Serialise validation of type ANY responses. [RT #16555]
> >
> > 2124. [security]      It was possible to dereference a freed fetch
> >                       context. [RT #16584]
>
> There is a bug open in bugzilla for this update. See #224443 [1].
> Unfortunately, there is too little information to find out why update
> 2126 is a security issue, and why ISC did not issue an advisory for it.
> *Sigh* ISC is not good at providing usable information.
>

Yeah.. the story I have heard multiple times is, people pay ISC for
support then get better answers on the newsgroups from ISC people.
There was some discussion on ISC this weekend about it with CVE
numbers which probably tell even less :).

http://isc.sans.org/diary.html?storyid=2129

> [1] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224443
>
> Regards,
> --
> Lubomir Kundrak (Red Hat Security Response Team)
>
>


-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"



