Mark Andrews wrote:
Chris Marlatt wrote:
Doug Barton wrote:
plan to MFC it after 4 or 5 days. I am actually considering only
MFC'ing it to RELENG_6 to help provide some incentive for those on 5.x
to upgrade.
One would assume that the release would be supported up until the EOL
provided on freebsd.org of May 31, 2008.
Yes, but whether a full upgrade is needed for "support" or not depends
on your definition. Given that FreeBSD is not vulnerable to these
issues in its default configuration, one could easily argue that an
upgrade for RELENG_5 isn't necessary.
Doug
The subject here is 9.3.4. All the issues raised
in this thread so far were addressed as of 9.3.2-P2
/ 9.3.3. To the best of my knowledge these have
already been addressed.
There are two new issues for 9.3.4.
CVE-2007-0494 which is only a problem if you are
doing DNSSEC validation.
CVE-2007-0493 to which any recursive 9.3.x (x<4) named
is vulnerable.
Both of these are problems if you allow untrusted users access to the
name server (likely if you're in a production environment). The way
FreeBSD ships, named is off, and the example configuration files are
set up to create a recursive resolver that only listens on 127.0.0.1.
I would expect users who rely on BIND in a production setting to
either have upgraded to FreeBSD 6-stable, be using the port, or some
other custom configuration, or both.
Doug
--
This .signature sanitized for your protection