FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 12-01-2010, 11:38 PM
Christopher Chan
 
Default Bind vulnerabilities

On Thursday, December 02, 2010 07:07 AM, MR ZenWiz wrote:
> On Wed, Dec 1, 2010 at 11:39 AM, Marc Deslauriers
> <marc.deslauriers@canonical.com> wrote:
>> ================================================== =========
>> Ubuntu Security Notice USN-1025-1 December 01, 2010
>> bind9 vulnerabilities
>> CVE-2010-3613, CVE-2010-3614
>> ================================================== =========
>>
> Just out of curiosity, roughly how long after these notices go out do
> they become active?
>
> I've noticed that if I try to do an update within a short time (e.g.,
> hours rather than days) they don't seem to be effective. For example,
> the new kernel that came in on an update yesterday evening (PST) was
> not available earlier in the day shortly after the announcement came
> through on the list.
>
> TIA.
>

Just run djbdns and don't worry about such things.

/me has his troll hat on.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-02-2010, 01:05 AM
Marc Deslauriers
 
Default Bind vulnerabilities

On Wed, 2010-12-01 at 15:07 -0800, MR ZenWiz wrote:
> On Wed, Dec 1, 2010 at 11:39 AM, Marc Deslauriers
> <marc.deslauriers@canonical.com> wrote:
> > ================================================== =========
> > Ubuntu Security Notice USN-1025-1 December 01, 2010
> > bind9 vulnerabilities
> > CVE-2010-3613, CVE-2010-3614
> > ================================================== =========
> >
> Just out of curiosity, roughly how long after these notices go out do
> they become active?
>
> I've noticed that if I try to do an update within a short time (e.g.,
> hours rather than days) they don't seem to be effective. For example,
> the new kernel that came in on an update yesterday evening (PST) was
> not available earlier in the day shortly after the announcement came
> through on the list.

I send these out once the update hits the main Ubuntu archive. It takes
a while for mirrors to sync with the main archive. The length of time
depends on which local mirror you are using.

Marc.



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-02-2010, 01:15 AM
MR ZenWiz
 
Default Bind vulnerabilities

On Wed, Dec 1, 2010 at 4:38 PM, Christopher Chan
<christopher.chan@bradbury.edu.hk> wrote:
>
> Just run djbdns and don't worry about such things.
>
Never heard of that one before, but even from appears in Synaptic for
this I fail to see how it will help. Please elucidate.

TIA.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-02-2010, 02:25 AM
Christopher Chan
 
Default Bind vulnerabilities

On Thursday, December 02, 2010 10:15 AM, MR ZenWiz wrote:
> On Wed, Dec 1, 2010 at 4:38 PM, Christopher Chan
> <christopher.chan@bradbury.edu.hk> wrote:
>>
>> Just run djbdns and don't worry about such things.
>>
> Never heard of that one before, but even from appears in Synaptic for
> this I fail to see how it will help. Please elucidate.
>

BIND is a name server package.

djbdns is a SECURE name server package.

Only one security issue (note: not a security hole) after years of
scrutiny and that one has been plugged after DJB paid up the bounty.

Use djbdns and don't worry about security.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 12-02-2010, 03:20 AM
MR ZenWiz
 
Default Bind vulnerabilities

On Wed, Dec 1, 2010 at 7:25 PM, Christopher Chan
<christopher.chan@bradbury.edu.hk> wrote:
> On Thursday, December 02, 2010 10:15 AM, MR ZenWiz wrote:
>> On Wed, Dec 1, 2010 at 4:38 PM, Christopher Chan
>> <christopher.chan@bradbury.edu.hk> *wrote:
>>>
>>> Just run djbdns and don't worry about such things.
>>>
>> Never heard of that one before, but even from appears in Synaptic for
>> this I fail to see how it will help. *Please elucidate.
>
> BIND is a name server package.
>
> djbdns is a SECURE name server package.
>
> Only one security issue (note: not a security hole) after years of
> scrutiny and that one has been plugged after DJB paid up the bounty.
>
> Use djbdns and don't worry about security.
>
Oh, you were answering the issue, not my specific question.

Gotcha. - Thanks for the clarification. (Since I don't run a DNS
server, it won't matter.)

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 07:12 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org