Thanks.  I overlooked this RPM because of the date.  It seems to take
care of vulnerabilities in the name server itself, but are there
applications that have been compiled with vulnerable versions of the DNS
resolver libraries?  I insert below an excerpt from the ISC web page:

NOTE: Upgrading the name server DOES NOT remove this vulnerability. To
remove this vulnerability, ALL applications linked to a vulnerable
version of the stub resolver library must be re-linked with a
non-vulnerable version. Note that if static libraries were used, the
static library must be updated and all applications must be relinked.
If shared libraries were used, then upgrading the shared library will
suffice.

If there are such applications packaged with the Red Hat OS, they will
be vulnerable.  Does anyone know if such applications exist?

Thanks,
Ken Traynham



                                                                                       
                                                
Samuel Flory <sflory@rackable.com>
Sent by: redhat-list-admin@redhat.com
07/09/02 01:54 PM
Please respond to redhat-list

To:       [EMAIL PROTECTED]
cc:
Subject:  Re: BIND Vulnerabilities




http://rhn.redhat.com/errata/RHSA-2002-105.html

On Tue, 2002-07-09 at 10:49, [EMAIL PROTECTED] wrote:
> On June 28 CERT released an advisory (CA-2002-19) citing a buffer
> overflow problem in applications that are compiled with DNS resolver
> libraries from ISC BIND (libbind) and BSD (libc).  Because of this
> vulnerability and others, ISC strongly recommends that BIND be upgraded
> to Version 9.2.1.
>
> I am not aware of any information or updates that have been released by
> Red Hat concerning this vulnerability.  Further, I have been unable to
> find a Red Hat RPM for BIND 9.2.1.
>
> Would someone please let me know if there are fixes available for this
> advisory, including an RPM for BIND 9.2.1?  Failing that, has Red Hat
> released any information concerning this vulnerability?
>
> Thank you,
> Ken Traynham
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
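
The ISC note quoted in this thread separates statically linked applications (which must be re-linked) from dynamically linked ones (fixed by upgrading the shared library). The following is an added example, not part of the original messages or of any Red Hat or ISC tooling: a sketch that reads ELF program headers to find static executables that appear to embed resolver code. The marker strings and default directories are assumptions chosen for illustration.

```python
import os, struct, sys

PT_DYNAMIC, PT_INTERP, ET_EXEC, ET_DYN = 2, 3, 2, 3
# Assumption (heuristic, not taken from the advisory): byte strings that resolver
# code leaves in a binary. The config path survives stripping of symbol names.
RESOLVER_MARKERS = (b"/etc/resolv.conf", b"gethostbyname", b"res_search")

def elf_linkage(data):
    """Return 'dynamic', 'static', or None if data is not a parseable ELF executable."""
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return None
    end = "<" if data[5] == 1 else ">"          # EI_DATA: byte order
    try:
        if struct.unpack_from(end + "H", data, 16)[0] not in (ET_EXEC, ET_DYN):
            return None                          # e.g. .o files and core dumps
        if data[4] == 1:                         # ELFCLASS32 header offsets
            phoff = struct.unpack_from(end + "I", data, 28)[0]
            phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        else:                                    # ELFCLASS64 header offsets
            phoff = struct.unpack_from(end + "Q", data, 32)[0]
            phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        types = {struct.unpack_from(end + "I", data, phoff + i * phentsize)[0]
                 for i in range(phnum)}
    except struct.error:                         # truncated or corrupt headers
        return None
    # Limitation: static-PIE executables carry PT_DYNAMIC and are reported as dynamic.
    return "dynamic" if types & {PT_INTERP, PT_DYNAMIC} else "static"

def needs_relink(data):
    """True for a static executable containing resolver markers (the re-link case)."""
    return elf_linkage(data) == "static" and any(m in data for m in RESOLVER_MARKERS)

def audit(roots):
    """Yield paths of static executables under roots that contain resolver markers."""
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    if os.path.islink(path) or not os.path.isfile(path):
                        continue
                    with open(path, "rb") as fh:
                        if needs_relink(fh.read()):
                            yield path
                except OSError:                  # unreadable file: skip it
                    continue

if __name__ == "__main__":
    for hit in audit(sys.argv[1:] or ["/bin", "/sbin", "/usr/bin", "/usr/sbin"]):
        print("static, resolver code embedded:", hit)
```

A hit only means the binary is static and contains resolver-related strings; whether the embedded library version is a vulnerable one still has to be checked against the vendor's errata.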



