Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries
"J.H.M. Dassen (Ray)" <dm@zensunni.demon.nl> wrote:
> > Does anyone know if this affects Debian?
> This has been fixed; see http://bugs.debian.org/151342 for details.
Excellent. To summarise that bug report for the benefit of those
interested, if you are running any of the following packages:
bind9 bind9-host libbind-dev libdns5 libisc4
liblwres1 libisccc0 ibisccfg0 dnsutils lwresd
They should be version 9.2.1-3 or higher, which were uploaded to unstable
approximately 6 hours ago (Mon, 1 Jul 2002 00:16:31 -0600).
bind 8 is also vulnerable (see http://bugs.debian.org/151247)
If you are running any of the the following packages:
bind bind-dev
Then you need version 8.3.3-1 or higher, which were uploaded to unstable
approximately 12 hours ago (Sun, 30 Jun 2002 21:48:10 -0600).
The fixed packages do not appear to be available yet on
security.debian.org
Cheers,
--
Sam Vilain, sam@vilain.net WWW: http://sam.vilain.net/
7D74 2A09 B2D3 C30F F78E GPG: http://sam.vilain.net/sam.asc
278A A425 30A9 05B5 2F13
I regret to say that we of the FBI are powerless to act in cases of
oral-genital intimacy, unless it has in some way obstructed interstate
commerce.
J EDGAR HOOVER
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: