Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

/dev/rob0 rob0 at
Mon Sep 7 16:13:19 UTC 2015

On Mon, Sep 07, 2015 at 12:24:36PM +0300, stavrostseriotis wrote:
> I have a RedHat 5.11 machine and currently I am facing the issue 
> with BIND vulnerability CVE-2015-5477. I cannot update my BIND 
> using yum because I didn't install BIND from RedHat at the first 
> place so I need to do it manually.

Did you keep notes on what you did originally?  This would be an 
excellent time to refer to those notes.

> I downloaded the package of version 9.9.7-P2 from isc website but 
> since it is not an rpm file I have to build it myself.

Before you go any further you might as well grab the P3 version.
CVEs-2015-5722 & -5986 are fixed therein.  Granted those are not as 
serious as CVE-2015-5477 (which has a trivial exploit published), but 
it cannot hurt to have the later fixes.

I concur with the other posters; rpmbuild is the best way to deviate 
from Red Hat's own packages.  You will see that a contributor to this 
list maintains SRPMs for the latest BIND 9 releases.  With the SRPM 
and rpmbuild it's not much more effort to stay current than it is to 
"yum upgrade bind9" from Red Hat's repo of long-past-EOL software.

There's nothing wrong with such deviation; in fact it's extremely 
important to do so for your mission critical software.  But it 
requires a better understanding of the OS than you seem to have.

> I am wondering if you can give me a little guideline on how to 
> build and install the new version.

I would suggest that you invest some time in learning Red Hat basic 
administration skills, and with it some shell basics, and you will 
become able to diagnose and fix these problems on your own.

Good luck.
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

More information about the bind-users mailing list