Update to BIND query.c CVE-2011-4313
cet1 at cam.ac.uk
Mon Dec 5 23:15:50 UTC 2011
On Dec 5 2011, Susan Graves wrote on bind-announce:
>Please see today's update to CVE-2011-4313
>ISC's final analysis of this event.
>Also, please review our KnowledgeBase article
>(_https://deepthought.isc.org/article/AA-00549_) for additional
>information including possible operational considerations and a workaround.
Now that "the original trigger for this incident no longer exists", is
it permissible to ask which the zone involved was? I have been assuming
it was another one in "gov", just because the early reports were from the
US and no-one around here seems to have had their recursive nameservers
crash. [We upgraded to BIND 9.8.1-P1 anyway, of course.]
Email: cet1 at cam.ac.uk
More information about the bind-users