On Mon, Oct 02, 2017 at 10:36:37AM -0700, Rich Shepard wrote:
> I think Mike C. was correct, that it's a DNS problem.
> Perhaps one or more root servers was corrupted or attacked.

The bad guys may be exploiting the DNS flaw described below, recently patched in the distro I'm currently upgrading.

I bet the bad guys have tools for testing and probing DNS server integrity. Why don't you and I have those tools?

We build ephemeral new capabilities without diagnostic and monitoring tools for critical core capabilities. Then we replace core capabilities (systemd), trading a heap of old known bugs for a wilderness of new unknown bugs.

I'm all for replacing rickety designs with clean ones, but based on demonstrable metrics, not aesthetics, after a shitstorm of bounty-driven white-hat attacks. Sometimes there are empirical reasons for rickety.

Measure twice, cut once. When software becomes real engineering, perhaps we will learn how to do that.

Keith

-----------------------------------------------------------

Synopsis:          Critical: dnsmasq security update
Advisory ID:       SLSA-2017:2838-1
Issue Date:        2017-10-02
CVE Numbers:       CVE-2017-14491
--

Security Fix(es):

* A heap buffer overflow was found in dnsmasq in the code responsible for
  building DNS replies. An attacker could send crafted DNS packets to dnsmasq
  which would cause it to crash or, potentially, execute arbitrary code.
  (CVE-2017-14491)
--

SL6
  x86_64
    dnsmasq-debuginfo-2.48-18.el6_9.x86_64.rpm
    dnsmasq-2.48-18.el6_9.x86_64.rpm
    dnsmasq-utils-2.48-18.el6_9.x86_64.rpm
  i386
    dnsmasq-debuginfo-2.48-18.el6_9.i686.rpm
    dnsmasq-2.48-18.el6_9.i686.rpm
    dnsmasq-utils-2.48-18.el6_9.i686.rpm

- Scientific Linux Development Team

-----------------------------------------------------------

-- 
Keith Lofstrom          kei...@keithl.com
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
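Added example, not part of the message or the advisory above: one way to check collected dnsmasq package versions against the fixed SL6 build the advisory names (2.48-18.el6_9). The function names and the sample inventory are constructed for illustration; the comparison follows rpm's segment-wise version ordering but assumes no epoch and omits rpm's `~` and `^` handling.

```python
import re

# Fixed build named in advisory SLSA-2017:2838-1 (SL6), as VERSION-RELEASE.
FIXED_SL6 = "2.48-18.el6_9"

def _segments(s):
    # rpm compares runs of digits and runs of letters; separators only split.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using rpm's segment ordering (no ~ or ^ handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric segments compare as integers
        elif x.isdigit():
            return 1                   # a numeric segment is newer than an alphabetic one
        elif y.isdigit():
            return -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(a, b):
    """Compare two VERSION-RELEASE strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(installed_vr, fixed_vr=FIXED_SL6):
    """True when the installed build is older than the advisory's fixed build."""
    return compare_vr(installed_vr, fixed_vr) < 0

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts): each value is what
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' dnsmasq
    # would print on an SL6 machine.
    inventory = {
        "host-a": "2.48-17.el6",
        "host-b": "2.48-18.el6_9",
        "host-c": "2.48-18.el6_9.1",
    }
    for host, vr in sorted(inventory.items()):
        print(host, vr, "UPDATE NEEDED" if needs_update(vr) else "ok")
```

The fixed version here applies only to SL6 hosts, since that is the only release the advisory lists.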