Re: Update release 3.8 on AMD64 with a “fix” for the recent “DNS cache poisoning” vulnerability?

2008-07-31 Thread Maurice Janssen
On Wednesday, July 30, 2008 at 22:28:44 +0200, Mark Prins wrote: you could save some time and energy by using the 4.3-stable release from ftp://ftp.su.se/pub/mirrors/openbsd_stable/4.3-stable/ as this has the errata/patches applied... That's correct, but at this moment the latest patch (005)

Re: Update release 3.8 on AMD64 with a “fix” for the recent “DNS cache poisoning” vulnerability?

2008-07-30 Thread Jason Crawford
On Wed, Jul 30, 2008 at 2:43 PM, skogzort [EMAIL PROTECTED] wrote: Hello, Ib m trying to protect our DNS server from the vulnerability referred to in: CVE -2008-1447 and US-Cert Vulnerability Note VU#800113. I see that there is a patch for BIND in 4.2 and 4.3 that addresses this vulnerability,

Re: Update release 3.8 on AMD64 with a “fix” for the recent “DNS cache poisoning” vulnerability?

2008-07-30 Thread Nick Guenther
On Wed, Jul 30, 2008 at 2:43 PM, skogzort [EMAIL PROTECTED] wrote: Hello, Ib m trying to protect our DNS server from the vulnerability referred to in: CVE -2008-1447 and US-Cert Vulnerability Note VU#800113. I see that there is a patch for BIND in 4.2 and 4.3 that addresses this vulnerability,

Re: Update release 3.8 on AMD64 with a “fix” for the recent “DNS cache poisoning” vulnerability?

2008-07-30 Thread Mark Prins
you could save some time and energy by using the 4.3-stable release from ftp://ftp.su.se/pub/mirrors/openbsd_stable/4.3-stable/ as this has the errata/patches applied... 2008/7/30, Nick Guenther [EMAIL PROTECTED]: On Wed, Jul 30, 2008 at 2:43 PM, skogzort [EMAIL PROTECTED] wrote: Hello, Ib m

Re: Re: Update release 3.8 on AMD64 with a “fix” for the recent “DNS cache poisoning” vulnerability?

2008-07-30 Thread Stuart Henderson
On 2008-07-30, Jason Crawford [EMAIL PROTECTED] wrote: Ib m trying to protect our DNS server from the vulnerability referred to in: CVE -2008-1447 and US-Cert Vulnerability Note VU#800113. I see that there is a patch for BIND in 4.2 and 4.3 that addresses this vulnerability, but not for 3.8.

Re: Update release 3.8 on AMD64 with a “fix” for the recent “DNS cache poisoning” vulnerability?

2008-07-30 Thread Nick Holland
skogzort wrote: Hello, ...[I don't care why, you just need to keep your system up-to-date]... I have inherited an Open BSD DNS server that provides external DNS for our web server and serves NTP for our infrastructure. I donbt know UNIX or Open BSD. Ibm reading through the Open BSD website