Bug 11876 - named-xfer bug in bind 8.2.2-P3 ?
named-xfer bug in bind 8.2.2-P3 ?
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: bind (Show other bugs)
6.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
http://www.isc.org/products/BIND/
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-06-02 19:05 EDT by Christian Rose
Modified: 2008-05-01 11:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-06-26 15:34:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Christian Rose 2000-06-02 19:05:26 EDT
I quote directly from the BIND homepage (the URL above):
<P>
"If you are running a version of BIND prior to 8.2.2 patchlevel 3, we
recommend you upgrade to the current version for security reasons. If you
are running BIND 8.2.2-P3, and compiled it yourself, we recommend you
upgrade to 8.2.2-P5 to correct a named-xfer problem. <B>If your
vendor-provided BIND is 8.2.2-P3, you should consult their documentation
and confirm that the named-xfer bug has been patched.</B>"<BR>
(emphasis mine)
<P>
As the most recent packages for Red Hat 6.1 (and possibly older releases
too) are 8.2.2-P3, I question if this has been fixed.
<P>
Another quote from http://www.sans.org/topten.htm discussing various
security vulnerabilities in bind:
"As of May 22, 2000, any version earlier than BIND v.8.2.2 patch level 5 is
vulnerable."
<P>
Maybe time for new bind packages for older versions of Red Hat?
Comment 1 Bernhard Rosenkraenzer 2000-06-26 15:34:41 EDT
They got the wrong release number - 8.2.2p3 is not affected.
Actually the P3 package we're shipping has almost all patches that made it into
p5.
Comment 2 Christian Rose 2000-08-27 13:30:17 EDT
Closing old resolved bugs.

Note You need to log in before you can comment on or make changes to this bug.