On Mon, Oct 02, 2017 at 10:36:37AM -0700, Rich Shepard wrote:
> I think Mike C. was correct, that it's a DNS problem.
> Perhaps one or more root servers was corrupted or attacked.

The bad guys may be exploiting the DNS flaw described below,
recently patched in the distro I'm currently upgrading.

I bet the bad guys have tools for testing and probing DNS
server integrity.  Why don't you and I have those tools? 
We build ephemeral new capabilities without diagnostic and
monitoring tools for critical core capabilities.  Then we
replace core capabilities (systemd), trading a heap of
old known bugs for a wilderness of new unknown bugs. 

I'm all for replacing rickety designs with clean ones,
but based on demonstrable metrics, not aesthetics,
after a shitstorm of bounty-driven white-hat attacks.
Sometimes there are empirical reasons for rickety.

Measure twice, cut once.  When software becomes real
engineering, perhaps we will learn how to do that.

Keith

-----------------------------------------------------------
Synopsis:          Critical: dnsmasq security update
Advisory ID:       SLSA-2017:2838-1
Issue Date:        2017-10-02
CVE Numbers:       CVE-2017-14491
--
Security Fix(es):

* A heap buffer overflow was found in dnsmasq in the code responsible for
building DNS replies. An attacker could send crafted DNS packets to
dnsmasq which would cause it to crash or, potentially, execute arbitrary
code. (CVE-2017-14491)
--
SL6
  x86_64
    dnsmasq-debuginfo-2.48-18.el6_9.x86_64.rpm
    dnsmasq-2.48-18.el6_9.x86_64.rpm
    dnsmasq-utils-2.48-18.el6_9.x86_64.rpm
  i386
    dnsmasq-debuginfo-2.48-18.el6_9.i686.rpm
    dnsmasq-2.48-18.el6_9.i686.rpm
    dnsmasq-utils-2.48-18.el6_9.i686.rpm

- Scientific Linux Development Team
-----------------------------------------------------------

-- 
Keith Lofstrom          kei...@keithl.com
_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
