Date: Tue, 4 Mar 2003 13:04:20 -0600 (CST)
From: John <[email protected]>
To: [email protected]Subject: BIND 9.2.2 Vulnerabilities?
The ISC website lists the following as of today:
http://www.isc.org/products/BIND/bind-security.html
"ISC has discovered or has been notified of several bugs which can result
in vulnerabilities of varying levels of severity in BIND as distributed by
ISC. Upgrading to BIND version 9.2.2 is strongly recommended. If you
cannot upgrade, BIND 8.3.4, 8.2.7, and 4.9.11 are available."
9.2.2 apparently was just released yesterday though I've seen no
discussion about any specific vulnerabilities.
The matrix at the bottom of the list shows two vulnerabilities, one with
openssl, the other with libbind.
Can anyone elaborate on what's happened here? I susbscribe to the BIND
mailing list and haven't heard anything about this issue.
Thx
