Skip site navigation (1) Skip section navigation (2)

Re: Insecure DNS servers on PG infrastructure

From: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-www(at)postgresql(dot)org
Subject: Re: Insecure DNS servers on PG infrastructure
Date: 2008-07-25 15:26:01
Message-ID: 1216999561.16378.7.camel@jd-laptop (view raw or flat)
Thread:
Lists: pgsql-www
On Fri, 2008-07-25 at 11:02 -0400, Tom Lane wrote:
> I just noted that cvs.postgresql.org and svr1.postgresql.org are not
> running the latest bind release, which means that they are vulnerable to
> the DNS cache poisoning attack recently discovered by Dan Kaminsky.
> Vixie and co think this is a pretty big deal, so folks might want to
> update sooner rather than later.
> 	http://www.kb.cert.org/vuls/id/800113

Dave and Magnus are on vacation. I believe the only other people that
would have access to those boxes are Stefan and Marc. I have pinged
Stefan.

Joshua D. Drake

-- 
The PostgreSQL Company since 1997: http://www.commandprompt.com/ 
PostgreSQL Community Conference: http://www.postgresqlconference.org/
United States PostgreSQL Association: http://www.postgresql.us/
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate




In response to

pgsql-www by date

Next:From: Andrew SullivanDate: 2008-07-25 15:40:49
Subject: Re: Insecure DNS servers on PG infrastructure
Previous:From: Tom LaneDate: 2008-07-25 15:02:03
Subject: Insecure DNS servers on PG infrastructure

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group