Re: [SECURITY] [DSA 3481-1] glibc security update

To: Peter Ludikovsky <peter@ludikovsky.name>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 3481-1] glibc security update
From: Noah Meyerhans <noahm@debian.org>
Date: Tue, 16 Feb 2016 07:52:23 -0800
Message-id: <[🔎] 20160216155223.GE14940@insomnia.internal.morgul.net>
Mail-followup-to: Noah Meyerhans <noahm@debian.org>, Peter Ludikovsky <peter@ludikovsky.name>, debian-security@lists.debian.org
In-reply-to: <[🔎] 56C340F0.4050603@ludikovsky.name>
References: <E1aVgSR-0003M5-RI@master.debian.org> <[🔎] 56C340F0.4050603@ludikovsky.name>

On Tue, Feb 16, 2016 at 04:32:00PM +0100, Peter Ludikovsky wrote:
> A question to those more knowledgeable: we're using our own DNS
> servers for all lookups, and those do recursive lookup for any
> external addresses. Am I right to assume that Bind9 uses it's own
> implementation for DNS lookups? Or are those now basically ticking
> time bombs?

Bind does not use getaddrinfo() when performing DNS lookups on behalf of
clients. However, it may use it when resolving hostnames listed in
configfiles, e.g. in the masters list for a slave zone.

If at all possible, I would update libc and restart named, which should
be sufficient to protect that particular service from impact.

noah

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: [SECURITY] [DSA 3481-1] glibc security update
  - From: Peter Ludikovsky <peter@ludikovsky.name>

Prev by Date: Re: [SECURITY] [DSA 3481-1] glibc security update
Next by Date: Re: [SECURITY] [DSA 3481-1] glibc security update
Previous by thread: Re: [SECURITY] [DSA 3481-1] glibc security update
Next by thread: Re: [SECURITY] [DSA 3481-1] glibc security update
Index(es):
- Date
- Thread