Hello BIND users,
When the "GHOST" vulnerability in GNU libc was disclosed, we received
many questions from customers and users about how BIND was affected.
Our official position is, as always, that operators should upgrade all
linked libraries to unaffected versions, regardless of whether BIND can
trigger the bug.
And while we found no reason for concern about the GHOST vulnerability
being exploitable in the main core of named, additional scrutiny of code
contributed to BIND (the "contrib" directory in the source tarballs)
shows that the MySQL DLZ module is potentially exploitable due to its
use of gethostbyname().
We therefore recommend that BIND operators who are using DLZ, if they
are using the contributed MySQL module, should take immediate action to
upgrade their glibc to fix the GHOST vulnerability.
--
Chuck Aurora : ISC Software Support : chu...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
