Red Hat Inc. Information for VU#738331

Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow



Vendor Statement

All supported versions of Red Hat Linux which shipped with vulnerable versions of BIND were updated to BIND 9.x by a previous security errata issued in August 2002 and are therefore not vulnerable to this issue. Users of the Red Hat Network can make sure their systems are updated to this release using the 'up2date' tool.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



Red Hat has also released RHSA-2002:197 (glibc), RHSA-2002:215 (fetchmail), and RHSA-2002:175 (nss_ldap).

If you have feedback, comments, or additional information about this vulnerability, please send us email.