Wed, 6 Jul 2011

8:31 AM - BIND vulnerabilities

A vulnerability exists in the base system version of BIND as well as BIND 9.7 and 9.8 in mports.  The mports were updated last night, but the base system has not been patched yet.  It is recommended that users track the ports versions of BIND at this point.  

I will work on getting BIND updated in src.  I'm seriously considering dropping BIND from base as there have been a lot of security holes and changes at a fast pace over the last year.  It's becoming a lot of work and updating ports is much quicker. If I choose to do this, the first change will be switching to the separate libbind library and updating the few tools from BIND such as dig.