Security Alert: <Fedora Project> : Response Requested
Rahul Sundaram
sundaram at fedoraproject.org
Thu Jul 17 04:52:06 UTC 2008
Ernest Park wrote:
> *Attention <Security Response Team>:*
>
> Our research shows that your project may be using BIND, and may be
> impacted by the vulnerabilities identified below.
>
> Can you please provide a response regarding the impact of the BIND
> vulnerabilities on *<Fedora Project>*? If you have a resolution, or feel
> that you are using an unaffected version of BIND, please confirm such.
> Palamida's Research Group will report this issue within 24hrs. Your
> information will be used to update information reported to US-CERT,
> NVD and Palamida's data library regarding this vulnerability within
> *<Fedora Project>*.
>
>
> 1. What version of BIND is used?
> 2. What is patch or resolution proposed?
This isn't the right mail id for such questions but refer to
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00458.html
These are the current versions of Fedora which have already received
security fixes as updates. The fix was to use address port randomization
as specified in
https://bugzilla.redhat.com/show_bug.cgi?id=449345
Also refer
http://lwn.net/Articles/289206/
Rahul
More information about the Fedora-websites-list
mailing list