From Bugzilla Helper: User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.9-13custom i686) Description of problem: It is possible to overflow a buffer handling TSIG signed queries, thereby obtaining access to the system. See: http://www.isc.org/products/BIND/bind-security.html Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1.rpm -q bind 2.http://www.isc.org/products/BIND/bind-security.html 3. Actual Results: bind version 8.2.3-1 Expected Results: bind v8.2.5 or better Additional info: Exploits for this bug exist. The vind shipped with RH7.0, RH7.1 and RH7.2 is vulerable.
Not quite. 7.1 shipped with bind 9.1.0 7.2 shipped with bind 9.1.3 7.0 is still at 8.2.3 though.
And (just checked) 8.2.3 does NOT have this bug. The last version with this problem was 8.2.2p7, according to the page you mentioned yourself.
The page does mention 8.2.3-betas, which is later than 8.2.2p7. Is 8.2.3-1 based on one of the 8.2.3-betas?
No, it's based on 8.2.3-RELEASE.