9.2.2rc1: openssl has to be 0.9.6f
Loomis, Rip
GILBERT.R.LOOMIS at saic.com
Wed Aug 14 20:56:41 UTC 2002
Yep, now that I look closely 0.9.6f does state that it
"is a security and bugfix release" but there's no info
as to the specifics. I had missed this when looking at
the release announcement. Can anyone comment on the likelihood
of older BIND 9.2.1 installations compiled --with-openssl
against 0.9.6e actually being vulnerable to the (unspecified)
vulnerabilities in 0.9.6e?
--Rip
> -----Original Message-----
> From: Jun-ichiro itojun Hagino [mailto:itojun at iijlab.net]
> Sent: Wednesday, 14 August, 2002 14:38
> To: bind9-workers at isc.org
> Subject: 9.2.2rc1: openssl has to be 0.9.6f
>
>
>
> >1349. [security] Mimimum OpenSSL version now 0.9.6e
> (was 0.9.5a).
> >
> http://www.cert.org/advisories/CA-2002-23.html
>
> 0.9.6e is vulnerable. require 0.9.6f or higher.
>
> itojun
>
More information about the bind-workers
mailing list