Apple released Security Update 2008-005, which fixes numerous things. Including the infamous Cache Poisoning DNS Vulnerability, and updates PHP to 5.2.6. Run Software Update now to patch.
Tag Archive for 'patch'
You had your chance, but now the previously reported DNS vulnerability has been disclosed publicly, more or less. Dan put up this cryptic post, and the comments basically spell it out. The exploit is known, and it can be performed in less than 10 seconds. More here. Patch now!
“First, take the advisory seriously—we’re not just a bunch of n00b alarmists, if we tell you your DNS house is on fire, and we hand you a fire hose, take it.” Sage advice from Paul Vixie on the recent DNS Cache Poisoning exploit. Many systems remain unpatched, even though this security vunerability is critical and should be addressed immediately.
In a rare show of cooperative effort, multiple vendors released a patch today to their DNS implementations, the underlying technology behind connecting domain names to the IP addresses they live on. DNS Admins are urged to patch the systems in their charge, immediately . Securosis has the full story. Here’s a tool to test to see if you’re at risk to the Cache Poisoning exploit.
Interestingly enough, only one DNS implementation was not affected: DJBDNS.
If you’re using Wordpress 2.3 and Extended Live Archives (a super-sweet Ajax’d version of the WP archives page), then you need to get this patch, in order to fix problems with it.
comments