Whom the BIND newest vulnerability concerns?

To: debian-devel@lists.debian.org
Subject: Whom the BIND newest vulnerability concerns?
From: Tomasz Papszun <tomek@lodz.tpsa.pl>
Date: Fri, 12 Nov 1999 14:06:23 +0100
Message-id: <19991112140622.A30598@lodz.tpsa.pl>

Hello, 

the slink (stable) version of bind (1:8.1.25) is relatively old and -
according to 
http://www.isc.org/products/BIND/bind-security-19991108.html
- it contains a few security bugs. 
The newest vulnerability _may_ lead to remote root compromise.

Is a corrected package expected?

I'm a little scared of this latest bug... It is connected with "the
processing of NXT records". I haven't managed to find a clear description
of this type (NXT) records; seems this is quite new type. 

So my concern is: if a server has _not_ such records in its own files, is
it vulnerable?

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 tomek@lodz.tpsa.pl   http://www.lodz.tpsa.pl/   | ones and zeros.

Reply to:

Follow-Ups:
- Re: Whom the BIND newest vulnerability concerns?
  - From: Jonathan McDowell <noodles@ox.compsoc.net>
- Re: Whom the BIND newest vulnerability concerns?
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: fakeroot: log open() calls?
Next by Date: Re: Whom the BIND newest vulnerability concerns?
Previous by thread: BIND update ?
Next by thread: Re: Whom the BIND newest vulnerability concerns?
Index(es):
- Date
- Thread