Re: sorry to ruin several of your evenings...
Without being aware of what your disclosure policies are, I'll go ahead and ask... what are the flaws, and are they also in 8.2.2-p7?
if 8.2.2-P7 were safe, you can bet that the warning ("don't run anything earlier") would have come with 8.2.2-P7.
I don't see anything at:
http://www.isc.org/products/BIND/bind-security.html
that mentions p7. Sure, I could diff a bunch of stuff...
you can bet that dozens of kiddies all over the world are diffing stuff. maybe you'll be faster than them, find the specific problem, develop a patch that's different from "install 8.2.3", and deploy it before you're hit.
Sorry to bring this to NANOG, but it's a bit more appropriate than gabbing about what a root server is. Also, note that Bugtraq is gone until Monday, so there'll be no talk of this there.
there are several major announcements planned for monday. ISC wanted to get the new code on the street soon enough to give people a running head start at upgrading. (the root name servers were all done last week, for example.)
Paul A Vixie wrote:
<snip>
Sorry to bring this to NANOG, but it's a bit more appropriate than gabbing about what a root server is. Also, note that Bugtraq is gone until Monday, so there'll be no talk of this there.
there are several major announcements planned for monday. ISC wanted to get the new code on the street soon enough to give people a running head start at upgrading. (the root name servers were all done last week, for example.)
What about TLD managers, do/can they get the info at the same time as the root-server admins? Thomas
participants (2)
-
Paul A Vixie -
Thomas Kernen