Subject: Re: ot, security patches, and 1.4.1
To: R. C. Dowdeswell <email@example.com>
From: nm <firstname.lastname@example.org>
Date: 01/30/2000 13:01:52
At 11:44 PM 1/29/00 -0800, R. C. Dowdeswell wrote:
>On 949170696 seconds since the Beginning of the UNIX epoch
>>I thought I read somewhere (correct me if I am wrong) that
>>the version of bind that shipped with 1.4.1 contained a bug
>>that may compromise system security. I could not find a
>>patch for this bug on the ftp site, nor are any bugs listed
>>for 1.4.1 on the web site.
>I think that the security advisory against BIND was 8.2.x, whereas
>NetBSD 1.4.1 installs 8.1.2 which does not have the feature that
Roland Dowdeswell was correct in pointing out that the version of
BIND that ships with 1.4.1 is NOT vulnerable to the attack I was
alluding to (NXT overflow).
Thank you for correcting me.