Subject: Re: ot, security patches, and 1.4.1
To: nm <email@example.com>
From: Manuel Bouyer <firstname.lastname@example.org>
Date: 01/30/2000 03:36:59
On Sat, Jan 29, 2000 at 01:31:36PM -0500, nm wrote:
> I apologize in advance because this post is not quite
> on topic.
> I have a 1.3.3 system and I am about to install 1.4.1 on it.
> The primary function of this system is as a name server.
> I thought I read somewhere (correct me if I am wrong) that
> the version of bind that shipped with 1.4.1 contained a bug
> that may compromise system security. I could not find a
> patch for this bug on the ftp site, nor are any bugs listed
> for 1.4.1 on the web site.
> I am worried that people may install 1.4.1 and check the
> web site, see that no security bugs are listed for 1.4.1 and
> assume that the bind that ships with it is secure. Am I
> missing something or am I confused?
For sure there should be much more details on the web site about this.
As a general policy tracking release will get you all the security fixes,
but advisatories may have patches or workarounds for a specific problem.
Unfortunably we failed to get advisatories out for some important problems
in the past.
Manuel Bouyer <email@example.com>