[MLUG] Multiple DNS implementations vulnerable to cache poisoning
Nick Sklav
sklav at teksavvy.com
Wed Jul 9 10:22:41 EDT 2008
On Wed, 2008-07-09 at 10:08 -0400, David Filion wrote:
> Nick Sklav wrote:
> > On Wed, 2008-07-09 at 01:20 -0400, Pascal Charest wrote:
> >
> >> Hi,
> >>
> >> By now, most of you must have seen the news and already freaked out as
> >> it warrant - but I'll take a guess and suppose that some might have
> >> been, like me, hidden all days, working on some obscure deployment and
> >> haven't heard the news:
> >>
> >> So, "Multiple DNS implementations vulnerable to cache
> >> poisoning" (1)... in my book, this goes right with debian-openssl
> >> fiasco as some of the worst bug I've seen in years (well, Solaris
> >> telnet & Microsoft ping of death might also be good candidates).
> >>
> >> (1). http://www.kb.cert.org/vuls/id/800113
> >>
> >> So get ready for another night of server update...
> >>
> >> Pascal
> >>
> >
> >
> > Updates have already been released if your running Centos /RHEL. no
> > reboots required.
> >
> > _______________________________________________
> > mlug mailing list
> > mlug at listserv.mlug.ca
> > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
> >
>
> Be careful if you are running an authoritative server and have the
> caching-nameserver package installed. There is a bug reporting that
> installing the update to this package will rename your named.conf and
> replace it with the one in the package. Here is the bug report:
> https://bugzilla.redhat.com/show_bug.cgi?id=453340
I had no issue with my upgrade, but will look into it further. Is it
possible they updated the package? the reason why i ask is because no
files seems to have been renamed on the update and everything is
functioning properly. by renamed im refering to named.conf.
More information about the mlug
mailing list