[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries

"J.H.M. Dassen (Ray)" <dm@zensunni.demon.nl> wrote:

> > Does anyone know if this affects Debian?
> This has been fixed; see http://bugs.debian.org/151342 for details.

Excellent.  To summarise that bug report for the benefit of those
interested, if you are running any of the following packages:

  bind9 bind9-host libbind-dev libdns5 libisc4
  liblwres1 libisccc0 ibisccfg0 dnsutils lwresd

They should be version 9.2.1-3 or higher, which were uploaded to unstable
approximately 6 hours ago (Mon,  1 Jul 2002 00:16:31 -0600).

bind 8 is also vulnerable  (see http://bugs.debian.org/151247)

If you are running any of the the following packages:

  bind bind-dev

Then you need version 8.3.3-1 or higher, which were uploaded to unstable
approximately 12 hours ago (Sun, 30 Jun 2002 21:48:10 -0600).

The fixed packages do not appear to be available yet on

   Sam Vilain, sam@vilain.net     WWW: http://sam.vilain.net/
    7D74 2A09 B2D3 C30F F78E      GPG: http://sam.vilain.net/sam.asc
    278A A425 30A9 05B5 2F13

  I regret to say that we of the FBI are powerless to act in cases of
oral-genital intimacy, unless it has in some way obstructed interstate

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: