9.2.2rc1: openssl has to be 0.9.6f

Loomis, Rip GILBERT.R.LOOMIS at saic.com
Wed Aug 14 20:56:41 UTC 2002

Yep, now that I look closely 0.9.6f does state that it
"is a security and bugfix release" but there's no info
as to the specifics.  I had missed this when looking at
the release announcement.  Can anyone comment on the likelihood
of older BIND 9.2.1 installations compiled --with-openssl
against 0.9.6e actually being vulnerable to the (unspecified)
vulnerabilities in 0.9.6e?


> -----Original Message-----
> From: Jun-ichiro itojun Hagino [mailto:itojun at iijlab.net]
> Sent: Wednesday, 14 August, 2002 14:38
> To: bind9-workers at isc.org
> Subject: 9.2.2rc1: openssl has to be 0.9.6f
> >1349.   [security]      Mimimum OpenSSL version now 0.9.6e 
> (was 0.9.5a).
> >                        
> http://www.cert.org/advisories/CA-2002-23.html
> 	0.9.6e is vulnerable.  require 0.9.6f or higher. 
> itojun

More information about the bind-workers mailing list