8.2.5-RL1 to 8.3.3

phn at icke-reklam.ipsec.nu
Thu Jul 18 19:38:21 UTC 2002


Max Gorouvein <max at cpol.com> wrote:
> Hi everyone,

> Has anyone done such an upgrade?  8.2.5 has a vulnerability with libbind so
> I've decided to upgrade.

It won't help you. The vulnerability is in the applications that ask
the resolver code (which normally is not replaced when you install bind).

A workaround is to install bind-9.2.1 and make sure all clients will
use that as a resolving nameserver; bind-9 is reported to "sanitize"
the offending packets.

> I'm worried because this system was not initially installed by me, and it's
> an old RedHat 5.1 with kernel 2.0.35!!!!!!  What should I be looking out for?

One suggestion: get another PC, install OpenBSD, build and install
bind-9.2.1. Configure and test with your present zonefiles. When
you are satisfied with your tests, let the OpenBSD box inherit
the IP address of your current deadrat.

Doing it this way will reduce the disturbances to zero; the worst-case
(Murphy is on visit) scenario is that you will have to
start up your old nameserver again.

You have a 486 somewhere?? A Pentium will also do ...


> It seems like it's just a matter of renaming the old binaries to something
> like named.old (just in case the new ones don't work), compiling the source,
> installing it in to the right directory and see if it will work???

> Any help/suggestions will be appreciated!


> Max G.
> Systems Admin




-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

