I agree with Reindl, but (at the risk of this sounding bad) it also underscores 
why it is important to be proactive in management of risk and change.

If you don't know what you don't know, that is very risky behavior.  If there is 
a collective freak out on what to do to get something fixed regardless of the 
pain and suffering, well .. that is poor change management.  The good news is 
that both of those over-arching issues are addressable.

John

-----Original Message-----
From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Reindl Harald
Sent: Wednesday, February 17, 2016 10:34 AM
To: bind-users@lists.isc.org
Subject: Re: CVE-2015-7547: getaddrinfo() stack-based buffer overflow



On 17.02.2016 at 17:22, Dominique Jullier wrote:
> Are there any thoughts around how to handle yesterday's glibc 
> vulnerability[1][2] from the side of bind?
>
> Since it is a rather painful task in order to update all hosts to a 
> new version of glibc, we were thinking about other possible 
> workarounds

Fedora, RHEL and Debian as well as likely all other relevant distributions are 
providing a patched glibc - dunno what is "rather painful" to apply an ordinary 
update like kernel security updates and restart all network relevant processes 
or reboot
