Subject: ISC BIND / NAMED CVE-2007-2926 (Another ISC BIND Pullup)
To: None <tech-security@netbsd.org>
From: Brian A. Seklecki <lavalamp@spiritual-machines.org>
List: tech-security
Date: 08/09/2007 13:12:27
All:

Another global version bug has been out since July 24th:

   http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2926
   http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926

The ISC recommended solution is to upgrade to 9.3.4-P1 -- we (and FreeBSD
RELENG_6_2) are at 9.3.2 + local patches.

ISC's official recommendation is 9.3.4-P1?2?.  All versions prior to BIND 
9.3.3 are EOL by ISC.  FreeBSD pulled the patch in manually:

http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc

We need to do the same, just like we did back in March:

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2007-003.txt.asc

I'm testing it now.

l8*
 	-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
 	       http://www.spiritual-machines.org/

     "Guilty? Yeah. But he knows it. I mean, you're guilty.
     You just don't know it. So who's really in jail?"
     ~Maynard James Keenan