ISC Security Advisory: CVE-2013-2266: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named
ISC Support Staff
support-staff at isc.org
Tue Mar 26 18:08:38 UTC 2013
On 3/26/13 10:05 AM, Jack Tavares wrote:
>
> I have a request for clarification:
>
> The workaround states to rebuild BIND with regexp support disabled.
>
> And I see new versions of BIND have been released.
> Are those versions just a rebuild with regexp support disabled?
> Or are they a more comprehensive fix?
This question is addressed in the "CVE-2013-2266: FAQ and Supplemental
Information" Knowledge Base article, which I encourage everyone to read.
https://kb.isc.org/article/AA-00879
Please see specifically the section which begins:
"What is the difference between deploying the patched versions
of BIND versus implementing the documented workaround?"
Thanks,
Michael McNally
ISC Support
More information about the bind-users
mailing list