ISC Security Advisory: CVE-2013-2266: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named
Jack Tavares
j.tavares at F5.com
Tue Mar 26 18:12:01 UTC 2013
Thank you.
--
Jack Tavares
________________________________________
From: ISC Support Staff [support-staff at isc.org]
Sent: Tuesday, March 26, 2013 11:08
To: Jack Tavares
Cc: bind-users at isc.org
Subject: Re: ISC Security Advisory: CVE-2013-2266: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named
On 3/26/13 10:05 AM, Jack Tavares wrote:
>
> I have a request for clarification:
>
> The workaround states to rebuild BIND with regexp support disabled.
>
> And I see new versions of BIND have been released.
> Are those versions just a rebuild with regexp support disabled?
> Or are they a more comprehensive fix?
This question is addressed in the "CVE-2013-2266: FAQ and Supplemental
Information" Knowledge Base article, which I encourage everyone to read.
https://kb.isc.org/article/AA-00879
Please see specifically the section which begins:
"What is the difference between deploying the patched versions
of BIND versus implementing the documented workaround?"
Thanks,
Michael McNally
ISC Support
More information about the bind-users
mailing list