[nycbug-talk] BIND vulnerability

Jesse Callaway bonsaime at gmail.com
Wed Jul 9 21:33:00 EDT 2008


On Tue, Jul 8, 2008 at 10:30 PM, Charles Sprickman <spork at bway.net> wrote:
> Just in case you haven't seen this elsewhere yet:
>
> http://www.kb.cert.org/vuls/id/800113
> http://www.kb.cert.org/vuls/id/MIMG-7ECL7M
>
> I wonder if that "notification date" for FreeBSD is to be believed?
>
> There's currently no updates to the ports.  I run 9.3.5 and was able to
> build the patched version within ports by doing the following:
>
> -editing the distinfo file like so:
>
> MD5 (bind-9.3.5-P1.tar.gz) = 1446984f552b18a0ff7db63971a0cb5a
> SHA256 (bind-9.3.5-P1.tar.gz) = 8bd6b53f5a2c5f0332aaba9a51ef3d7fc55c60f906f0c506
> e11b6600ed82a90b
> SIZE (bind-9.3.5-P1.tar.gz) = 5626167
> MD5 (bind-9.3.5-P1.tar.gz.asc) = 3680754939a9af0b1f6bb733a3a8fb3b
> SHA256 (bind-9.3.5-P1.tar.gz.asc) = cf312c8a4c2cf1c07a473d2ff6db597a0677c5f8a79b
> 4e7d3f7333663a862a5c
> SIZE (bind-9.3.5-P1.tar.gz.asc) = 479
>
> -editing the port Makefile to reflect the new filename:
>
> # ISC releases things like 9.3.0rc1, which our versioning doesn't like
> ISCVERSION=     9.3.5-P1
>
> Built clean on 6.3, running it for about an hour now.
>
> Perhaps others can share any info on the ports/pkg systems for other BSDs?
>
> Of course anyone who's been running DNSSEC before today is welcome to pipe
> up with any good tips on getting that beast going for a ton of zones...
>
> Charles
>
> ___
> Charles Sprickman
> NetEng/SysAdmin
> Bway.net - New York's Best Internet - www.bway.net
> spork at bway.net - 212.655.9344
>

So is OpenBSD forking, or what? Looks like it.

-jesse



More information about the talk mailing list