Re: What about BIND 9.3.4 in FreeBSD in base system ?
Doug Barton wrote:
> Chris Marlatt wrote:
[ ... ]
> Yes, but whether a full upgrade is needed for "support" or not depends
> on your definition. Given that FreeBSD is not vulnerable to these issues
> in its default configuration, one could easily argue that an upgrade for
> RELENG_5 isn't necessary.
I've been bitten by CVE-2006-4096, and have applied the workaround to limit
the # of outstanding queries. I've got two nameservers tracking 5-STABLE
which were vulnerable to CVE-2006-4095, and I have no doubt that there are
other people besides me who will be affected by CVE-2007-0493.
I'm starting to feel thankful that my important domains include off-site
secondaries which are running djbdns.
Does the FreeBSD security team have a position with regard to whether the
above DoS vulnerabilities ought to be fixed in the 5-STABLE branch?
--
-Chuck
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 7 之 17 篇):