| From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-www(at)postgresql(dot)org |
| Subject: | Re: Insecure DNS servers on PG infrastructure |
| Date: | 2008-07-25 15:26:01 |
| Message-ID: | 1216999561.16378.7.camel@jd-laptop |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
On Fri, 2008-07-25 at 11:02 -0400, Tom Lane wrote:
> I just noted that cvs.postgresql.org and svr1.postgresql.org are not
> running the latest bind release, which means that they are vulnerable to
> the DNS cache poisoning attack recently discovered by Dan Kaminsky.
> Vixie and co think this is a pretty big deal, so folks might want to
> update sooner rather than later.
> http://www.kb.cert.org/vuls/id/800113
Dave and Magnus are on vacation. I believe the only other people that
would have access to those boxes are Stefan and Marc. I have pinged
Stefan.
Joshua D. Drake
--
The PostgreSQL Company since 1997: http://www.commandprompt.com/
PostgreSQL Community Conference: http://www.postgresqlconference.org/
United States PostgreSQL Association: http://www.postgresql.us/
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Sullivan | 2008-07-25 15:40:49 | Re: Insecure DNS servers on PG infrastructure |
| Previous Message | Tom Lane | 2008-07-25 15:02:03 | Insecure DNS servers on PG infrastructure |