Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477
rob0 at gmx.co.uk
Mon Sep 7 16:13:19 UTC 2015
On Mon, Sep 07, 2015 at 12:24:36PM +0300, stavrostseriotis wrote:
> I have a RedHat 5.11 machine and currently I am facing the issue
> with BIND vulnerability CVE-2015-5477. I cannot update my BIND
> using yum because I didn't install BIND from RedHat at the first
> place so I need to do it manually.
Did you keep notes on what you did originally? This would be an
excellent time to refer to those notes.
> I downloaded the package of version 9.9.7-P2 from isc website but
> since it is not an rpm file I have to build it myself.
Before you go any further you might as well grab the P3 version.
CVEs-2015-5722 & -5986 are fixed therein. Granted those are not as
serious as CVE-2015-5477 (which has a trivial exploit published), but
it cannot hurt to have the later fixes.
I concur with the other posters; rpmbuild is the best way to deviate
from Red Hat's own packages. You will see that a contributor to this
list maintains SRPMs for the latest BIND 9 releases. With the SRPM
and rpmbuild it's not much more effort to stay current than it is to
"yum upgrade bind9" from Red Hat's repo of long-past-EOL software.
There's nothing wrong with such deviation; in fact it's extremely
important to do so for your mission critical software. But it
requires a better understanding of the OS than you seem to have.
> I am wondering if you can give me a little guideline on how to
> build and install the new version.
I would suggest that you invest some time in learning Red Hat basic
administration skills, and with it some shell basics, and you will
become able to diagnose and fix these problems on your own.
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
More information about the bind-users