BIND 4.9.8-REL released
Paul A Vixie
vixie at mfnx.net
Sat Jan 27 23:42:59 UTC 2001
-----BEGIN PGP SIGNED MESSAGE-----
As promised some years ago, BIND4 has been treated as dead code in favour
of (then) BIND8 and (now) BIND9. However, also as promised, whenever a
particularly aggregious security flaw is uncovered in BIND4, a new release
will be made.
bind-4.9.8-REL differs in no functional way from bind-4.9.8-t1b. However,
it will print a different version number (4.9.8-REL rather than 4.9.8-T1B)
when the server starts up.
MD5 (bind-4.9.8-REL.tar.gz) = 54af73af5b4988b23e774e6f2401625f
MD5 (bind-4.9.8-REL.tar.gz.asc) = 3f62c15fe64ecd840b8ada96d1f6ca62
817. [security] do not call syslog() with unbounded network data.
816. [port] main() is an int.
815. [security] pull in several bind8 protocol handling fixes.
814. [support] turn off XSTATS by default
813. [port] add __printflink(), __scanflike() to compat/include/sys/cdefs.h
Disclaimer: BIND4 is dead code, and has a number of other security defects
besides those being fixed in 4.9.8, and should not be run on any name
server which is connected to the internet or connected to a private network
which has more than one user. To the best of ISC's direct knowledge, there
are known root-level exploits in bind-4.9.8-REL. However, BIND4 is generally
susceptible to a number of protocol-related "spoofing" attacks that BIND8 and
BIND9 are proof against. And of course, DNS without DNSSEC will never be
fully proof against this kind of protocol-related "spoofing" attack.
You should be running BIND-9.1.0, or failing that, BIND-8.2.3.
See http://www.isc.org/ for more information about ISC and BIND.
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface
-----END PGP SIGNATURE-----
More information about the bind-announce