Justin Mason wrote: > > This issue has no security impact. The flaw will cause Net::DNS to > "croak", which in turn should be handled by the calling application. In > the case of RHEL, the only known application that uses this > functionality is Spamassassin. Spamassassin handles this failure > gracefully and continues to function, minus the DNS tests. > > we haven't seen details of the vulnerability, but I think Josh's take on > the issue sounds correct. > > if anyone has a demo of the bug, please pass it on so we can try it out. > > i guess a 'croak' isn't a dos... ;-)
its in freebsd ports, a 'portupgrade p5-Net-DNS' should update it quickly. > --j. > > -- Michael Scheidell, CTO Main: 561-999-5000, Office: 561-939-7259 > *| *SECNAP Network Security Corporation Winner 2008 Technosium hot company award. www.technosium.com/hotcompanies/ <http://www.technosium.com/hotcompanies/> _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _________________________________________________________________________ ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/