trigger point for new bug

Fajar A. Nugraha work at
Sun Nov 20 21:35:16 UTC 2011

On Fri, Nov 18, 2011 at 6:11 AM, Jack Tavares <j.tavares at> wrote:
> Thank you again. And I agree that upgrading is the best option, however
> I was looking for any possible mitigations to the problem for the
> (unfortunately unavoidable) period of time it will take vendors
> to provide patched bind servers.

Which "vendors" are you talking about? AFAIK most linux distros have
special release policy w.r.t. critical security updates, so they
should be available not long after a CVE was published. For example: => Nov 16 => updated package
available on Nov 17

Another alternative (if you can't wait one day) is to build the
package yourself, assuming you have sufficient knowldege about patches
and your distro's build system (e.g. rebuilding SRPM).


More information about the bind-users mailing list