Question about the Two Recent Security Bulletins
Mark Andrews
Mark_Andrews at isc.org
Fri Jan 26 22:55:43 UTC 2007
> -----
> >
> > Internet Systems Consortium Security Advisory.
> > BIND 9: dereferencing freed fetch context
> > 12 January 2007
> >
> >Versions affected:
> >
> > BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
> > BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1
> > 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
> > BIND 9.5.0a1 (Bind Forum only)
> -----
> > Internet Systems Consortium Security Advisory.
> > BIND 9: DNSSEC Validation
> > 10 January 2007
> >
> >Versions affected:
> >
> > BIND 9.0.x (all versions of BIND 9.0) (at end-of-life)
> > BIND 9.1.x (all versions of BIND 9.1) (at end-of-life)
> > BIND 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7
> > BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3
> > BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1
> > 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1
> > BIND 9.5.0a1 (Bind Forum only)
> -----
> Since BIND 9.3.2-P1 and 9.3.2-P2 were official releases, should they
> have been listed as vulnerable? Or was that implied?
Implied. None of the patch versions were listed.
When BIND 9.4.0 is release, none of the alpha/beta/release candidates
will be referenced in future releases.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Computing and Information Systems Division
> Argonne National Laboratory Phone: +1 (630) 252-7277
> 9700 South Cass Avenue Facsimile:+1 (630) 252-4601
> Building 222, Room D209 Internet: BSFinkel at anl.gov
> Argonne, IL 60439-4828 IBMMAIL: I1004994
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list