libbind buffer overflow
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Wed Jul 10 07:28:04 UTC 2002
>
> I just a bit confused on how to address this new security
> vulnerability. I am running ISC BIND 8.2.3 on Solaris 2.6. According
> to the security advisory, it says I should upgrade to version BIND
> 8.3.3 to update libbind. But it also has a Sun Systems section which
> says to wait for the patch from Sun to update libresolv.so.
>
> So my question is, do I only need to upgrade to BIND 8.3.3, or just
> update libresolv.so, or do I need to do both?
Both. You will also need to relink any applications you
linked with libbind from BIND 8.x.
>
> Regards,
> Rudebwoy
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list