[1833] in linux-security and linux-alert archive


[linux-security] Re: Named update for RH 4.2 exploitable?

daemon@ATHENA.MIT.EDU (Bryan C. Andregg)
Sun Jun 7 10:52:35 1998

To: linux-security@redhat.com
From: bryan@redhat.com (Bryan C. Andregg)
Date: 7 Jun 1998 14:37:33 GMT
Reply-To: bryan@redhat.com
Resent-From: linux-security@redhat.com

On Sat, 6 Jun 1998 17:10:21 -0400 (EDT), <mhw@wittsend.com> wrote:
> 	Ahhhhh!!!!  If the latest RPM's are STILL using 4.9.x instead of
> the latest 8.1.x, people should be really upset.  Bind 8.1.1 has been out
> for quite some time and, unless you have turned on those asinine fake INVQ
> inverse queries, it is not vulnerable to the remote root hack.  It was still
> vulnerable to several DoS attacks and everyone should now be using 8.1.2.
> I don't know what's in the RPM's simply because I build straight from Paul
> Vixie's sources up at www.isc.com.  I know of no reasons to be sitting
> on the 4.9.x stuff any more unless you are in love with or need some
> compatibility with /etc/named.boot (8.1.x uses the newer, more flexible
> /etc/named.conf).

The latest RPMs are still 4.9.x because, as of the pressing of 5.1,
BIND-8.1.2-TR3 was all that was available and still suffered from serious
memory problems.

Typically we try to avoid major upgrades (BIND 4.9.x -> BIND 8.1.2) during a
release cycle because of support reasons. We are working on a way to solve
this for this case though.

-- 

                Bryan C. Andregg * <bandregg@redhat.com> * Red Hat Software

"So hang the brand-name ego at the door and think about what I'm saying" -
	Peter Da Silva
