[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver


 Thanks to Florian for this reply.

On Sun, 10 Aug 2008 22:11:05 +0200
Florian Weimer <fw@deneb.enyo.de> wrote:
> The 2.6.24
> kernel available since the last etch point release offers some
> protection as well.

 Umm? This is NEW information for me. Could you give me any references?
 (certainly if you can disclosure. It is a sensitive issue.) 

> Unfortunately, it turns out the GNU libc fix is more difficult than
> initially assumed.  However, I didn't know at the time how aggressively
> the stub resolver issue would be pushed, so I opted for the advisory to
> document that the issue is on our radar screen.

 Okay, thanks. I'll wait.

 And do you know this article?
 If it's true, ... it's fear.

 BTW, in Japan, there are a lot of wireless Access Point (in Cafe, McDonalds 
 or so) and many many people (Windows, Mac and a few Linux and *BSD users ;) 
 use such wireless AP and unpatched name servers provided by dhcpd...

 oh no ;(


 Hideki Yamane     henrich @ debian.or.jp/iijmio-mail.jp

Reply to: