Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 85620

Summary: ISC reports vulnerability in BIND 9.2.1
Product: [Retired] Red Hat Linux Reporter: Kenneth Porter <shiva>
Component: bindAssignee: Daniel Walsh <dwalsh>
Status: CLOSED ERRATA QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.isc.org/products/BIND/bind-security.html
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-03-05 10:22:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Kenneth Porter 2003-03-05 03:41:35 UTC
See the URL. Issues affecting 9.2.1 are linking with OpenSSL and apps linked
with libbind. Apps statically linked to libbind will need to be relinked to the
fixed library.

Comment 1 Mark J. Cox 2003-03-05 10:22:17 UTC
ISC report on 4th March a number of security issues they've fixed in BIND 9.2.2.
 These mostly revolve around supporting patched OpenSSL (which we already do),
but include a "libbing: remote buffer overrun", this is actually
http://www.cert.org/advisories/CA-2002-19.html 
which we fixed in 
http://rhn.redhat.com/errata/RHSA-2002-133.html