There is an alternative to this insanity. It's called djbdns, and it is
proven secure, and proven reliable. I've been using it in production for a
year now, and performance has been flawless. Thousands of other
administrators will offer the same assessment. BIND is a security mess -
that's an
On Wed, 13 Nov 2002, Michael Brennen wrote:
> I have received nothing from the patch announce list. I don't know
> when I can expect to receive anything -- tonight, next week, or next
> month?
I received the patches from rc.isc.org at 2002-11-12 22:29:41 PST.
(I do not have any commercial arrang
> Three bugs in bind 4 and 8 were announced this morning, November 12.
> At least one has the possibility of arbitrary code execution
[. . .]
> I don't know of a similar incident when the known patches to such a
> serious problem were withheld by a software provider.
Speaking for myself, I never
Once upon a time, Michael Brennen <[EMAIL PROTECTED]> said:
> Three bugs in bind 4 and 8 were announced this morning, November 12.
> At least one has the possibility of arbitrary code execution, and
> the ISC web site lists it as 'Serious'.
>
> At 13:02 CST this afternoon per the ISC announcement,
bind 4 and 8 patches are now available which appeared late last night
http://www.isc.org/products/BIND/patches/
-glen
>
> Three bugs in bind 4 and 8 were announced this morning, November 12. At
> least one has the possibility of arbitrary code execution, and
> the ISC web site lists it as 'Serio
On Wed, Nov 13, 2002 at 12:04:31PM -0800, Jeremy C. Reed wrote:
> But I see the patches were made October 30 (if the dates are reliable).
In fact I believe ISC have been sitting on this for almost a month.
The CVE IDs were assigned October 16, and I have reason to believe that
they learned of this
Three bugs in bind 4 and 8 were announced this morning, November 12.
At least one has the possibility of arbitrary code execution, and
the ISC web site lists it as 'Serious'.
At 13:02 CST this afternoon per the ISC announcement, about an hour
after receiving the bug announcement, I requested bind