* brian m. carlson: > The glibc stub resolver is vulnerable to CVE-2008-1447, according to DSA > 1605. Since the vast majority of network-using programs use glibc as a > resolver, this vulnerability affects virtually any network-using > program, hence the severity. libc6 should not be released without a fix > for this problem. > > The vulnerability has been exposed: > > http://demosthen.es/post/43048623/reliable-dns-forgery-in-2008
I fail to see how this attack has a chance to work against non-caching stub resolvers like the GNU libc resolver. However, we're working on a solution. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
