[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security Alert: <Fedora Project> : Response Requested



Ernest Park wrote:
*Attention <Security Response Team>:*
Our research shows that your project may be using BIND, and may be impacted by the vulnerabilities identified below. Can you please provide a response regarding the impact of the BIND vulnerabilities on *<Fedora Project>*? If you have a resolution, or feel that you are using an unaffected version of BIND, please confirm such. Palamida's Research Group will report this issue within 24hrs. Your information will be used to update information reported to US-CERT, NVD and Palamida's data library regarding this vulnerability within *<Fedora Project>*.
         1. What version of BIND is used?
         2. What is patch or resolution proposed?


This isn't the right mail id for such questions but refer to

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html

These are the current versions of Fedora which have already received security fixes as updates. The fix was to use address port randomization as specified in

https://bugzilla.redhat.com/show_bug.cgi?id=449345

Also refer

http://lwn.net/Articles/289206/

Rahul



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]