[CVS] OpenPKG: openpkg-web/security OpenPKG-SA-2002.011-bind8.txt

Fri, 15 Nov 2002 04:28:32 -0800 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Michael Schloh
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web                      Date:   15-Nov-2002 13:27:16
  Branch: HEAD                             Handle: 2002111512271600

  Modified files:
    openpkg-web/security    OpenPKG-SA-2002.011-bind8.txt

  Log:
    Add link to CERT advisory CA-2002-31.

  Summary:
    Revision    Changes     Path
    1.2         +15 -14     openpkg-web/security/OpenPKG-SA-2002.011-bind8.txt
  ____________________________________________________________________________

  Index: openpkg-web/security/OpenPKG-SA-2002.011-bind8.txt
  ============================================================
  $ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2002.011-bind8.txt
  --- openpkg-web/security/OpenPKG-SA-2002.011-bind8.txt        15 Nov 2002 12:08:25 
-0000      1.1
  +++ openpkg-web/security/OpenPKG-SA-2002.011-bind8.txt        15 Nov 2002 12:27:16 
-0000      1.2
  @@ -19,8 +19,8 @@
   Description:
     The Internet Software Consortium (ISC) [1] has discovered or has been
     notified of several bugs which can result in vulnerabilities of varying
  -  levels of severity in BIND [2]. These problems include buffer overflows,
  -  stack revealing, divide by zero, null pointer dereferencing, and more [3].
  +  levels of severity in BIND [2][3]. These problems include buffer overflows,
  +  stack revealing, divide by zero, null pointer dereferencing, and more [4].
     A subset of these vulnerabilities exist in the BIND packages distributed by
     OpenPKG.
   
  @@ -35,17 +35,17 @@
   Solution:
     Since these vulnerabilities do not exist in BIND version 9.2.1, one solution
     simply involves upgrading to it. The packages bind-9.2.1-1.1.0 in OpenPKG
  -  release 1.1 [4], and bind-9.2.1-20021111 in OpenPKG current [5] are both
  +  release 1.1 [5], and bind-9.2.1-20021111 in OpenPKG current [6] are both
     candidates in this respect. Be warned that although such later versions of
     BIND are stable, there exist large differences between BIND 8 and BIND 9
     software.
   
     A lighter approach involves updating existing packages to newly patched
     versions of BIND 8. Select the updated source RPM appropriate
  -  for your OpenPKG release [6][7][8], and fetch it from the OpenPKG FTP service
  -  or a mirror location. Verify its integrity [9], build a corresponding
  +  for your OpenPKG release [7][8][9], and fetch it from the OpenPKG FTP service
  +  or a mirror location. Verify its integrity [10], build a corresponding
     binary RPM from it and update your OpenPKG installation by applying the
  -  binary RPM [10]. For the latest OpenPKG 1.1 release, perform the following
  +  binary RPM [11]. For the latest OpenPKG 1.1 release, perform the following
     operations to permanently fix the security problem (for other releases
     adjust accordingly).
   
  @@ -64,14 +64,15 @@
   References:
     [1]  http://www.isc.org/
     [2]  http://www.isc.org/products/BIND/
  -  [3]  http://www.isc.org/products/BIND/bind-security.html
  -  [4]  ftp://ftp.openpkg.org/release/1.1/SRC/bind-9.2.1-1.1.0.src.rpm
  -  [5]  ftp://ftp.openpkg.org/current/SRC/bind-9.2.1-20021111.src.rpm
  -  [6]  ftp://ftp.openpkg.org/release/1.0/UPD/bind-8.2.6-1.0.2.src.rpm
  -  [7]  ftp://ftp.openpkg.org/release/1.1/UPD/bind8-8.3.3-1.1.1.src.rpm
  -  [8]  ftp://ftp.openpkg.org/current/SRC/bind8-8.3.3-20021114.src.rpm
  -  [9]  http://www.openpkg.org/security.html#signature
  -  [10] http://www.openpkg.org/tutorial.html#regular-source
  +  [3]  http://www.cert.org/advisories/CA-2002-31.html
  +  [4]  http://www.isc.org/products/BIND/bind-security.html
  +  [5]  ftp://ftp.openpkg.org/release/1.1/SRC/bind-9.2.1-1.1.0.src.rpm
  +  [6]  ftp://ftp.openpkg.org/current/SRC/bind-9.2.1-20021111.src.rpm
  +  [7]  ftp://ftp.openpkg.org/release/1.0/UPD/bind-8.2.6-1.0.2.src.rpm
  +  [8]  ftp://ftp.openpkg.org/release/1.1/UPD/bind8-8.3.3-1.1.1.src.rpm
  +  [9]  ftp://ftp.openpkg.org/current/SRC/bind8-8.3.3-20021114.src.rpm
  +  [10] http://www.openpkg.org/security.html#signature
  +  [11] http://www.openpkg.org/tutorial.html#regular-source
   ________________________________________________________________________
   
   For security reasons, this advisory was digitally signed with
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]

Reply via email to