Re: Resolver Libraries Advisory
On Sat, Jun 29, 2002 at 10:15:15AM +0100, No.Sp@m.here.please wrote :
> I presume http://www.cert.org/advisories/CA-2002-19.html effects the
> Debian instances of libc and Bind9?
I'm completely confused what I should make of this advisory.
If you read the following paragraph:
"Internet Software Consortium
All versions of BIND 4 from 4.8.3 prior to BIND 4.9.9 are
vulnerable.
All versions of BIND 8 prior to BIND 8.2.6 are vulnerable.
All versions of BIND 8.3.x prior to BIND 8.3.3 are
vulnerable.
BIND versions BIND 9.2.0 and BIND 9.2.1 are vulnerable.
BIND version 4.8 does not appear to be vulnerable.
BIND versions BIND 9.0.x and BIND 9.1.x are not vulnerable.
'named' itself is not vulnerable."
'named' is not vulnerable, only the resolver library? So if
I've configured all machines to use my "named" (i.e. they
never contact a malicious dns server), what is the inpact
them?
- Markus
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: