Hello BIND users,

When the "GHOST" vulnerability in GNU libc was disclosed, we received many questions from customers and users about how BIND was affected.

Our official position is, as always, that operators should upgrade all linked libraries to unaffected versions, regardless of whether BIND can trigger the bug.

And while we found no reason for concern about the GHOST vulnerability being exploitable in the main core of named, additional scrutiny of code contributed to BIND (the "contrib" directory in the source tarballs) shows that the MySQL DLZ module is potentially exploitable due to its use of gethostbyname().

We therefore recommend that BIND operators who are using DLZ, if they are using the contributed MySQL module, should take immediate action to upgrade their glibc to fix the GHOST vulnerability.

-- 
Chuck Aurora : ISC Software Support : chu...@isc.org
Internet Systems Consortium, Inc.
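
To check whether a given named.conf falls under the recommendation above, the following added example (not part of the original message and not ISC's code) lists the dlz clauses whose database string selects a MySQL driver. The sample configuration is constructed, and the matching rules are assumptions: the driver name is the first word of the database string, a dlopen module counts as MySQL when its file name contains "mysql", and quoted strings contain no escaped quotes.

```python
import re

# Constructed sample named.conf, for illustration only.
SAMPLE_CONF = '''
options { directory "/var/named"; };
// dlz "commented out" { database "mysql {host=old}"; };
dlz "mysql zones" {
    database "mysql
    {host=db.example.net dbname=dns}
    {select zone from records where zone = '$zone$'}";
};
dlz "file zones" {
    database "dlopen /usr/lib/bind/dlz_filesystem_dynamic.so /var/zones";
};
zone "example.com" { type master; file "example.com.db"; };
'''

# Quoted strings are matched first so comment markers inside them survive.
_TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
# A dlz clause: its name, then the first database string inside the braces.
_DLZ = re.compile(r'\bdlz\s+"([^"]*)"\s*\{[^"{}]*?\bdatabase\s+"([^"]*)"', re.S)


def strip_comments(text):
    """Drop /* */, // and # comments while keeping quoted strings intact."""
    return _TOKEN.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", text)


def mysql_dlz_clauses(conf_text):
    """Return the names of dlz clauses that select a MySQL driver."""
    hits = []
    for name, database in _DLZ.findall(strip_comments(conf_text)):
        words = database.split()
        if not words:
            continue
        driver = words[0].lower()
        # For dlopen, the second word is the path of the loadable module.
        module = words[1].lower() if driver == "dlopen" and len(words) > 1 else ""
        if driver == "mysql" or "mysql" in module.rsplit("/", 1)[-1]:
            hits.append(name)
    return hits


if __name__ == "__main__":
    for clause in mysql_dlz_clauses(SAMPLE_CONF):
        print("MySQL DLZ in use, check the glibc on this host:", clause)
```

A non-empty result means the host's glibc package should be compared against the distribution's GHOST advisory; an empty result does not replace the general advice to upgrade linked libraries.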