Well maybe... As has been noted before folks like RedHat use a base BIND version then backport security and bug fixes into it. The OP didn't say what he was running on. I don't know that there are any supported RHEL versions that use 9.2 but also don't know that there aren't.
In fact our security audits routinely flag some RedHat things because they look only at the base package version and not the extended versioning RedHat uses for such backported packages. For BIND blocking the version keeps the auditors from asking the question since they don't know base version let alone extended version. -----Original Message----- From: bind-users-bounces+jlightner=water....@lists.isc.org [mailto:bind-users-bounces+jlightner=water....@lists.isc.org] On Behalf Of Alan Clegg Sent: Tuesday, January 12, 2010 11:09 AM To: bind-users@lists.isc.org Subject: Re: bindvrs Vulnerability Lightner, Jeff wrote: > Sometimes you have to do things like hiding your version just because it > came up on the security audit. It's a lot easier to make them shut up > by doing what they want than by explaining to them that what they want > is meaningless. That said, if your "security audit" allows you to run BIND 9.2 then it's a complete waste of time anyway and that fact should be brought to someone's attention. AlanC _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Proud partner. Susan G. Komen for the Cure. Please consider our environment before printing this e-mail or attachments. ---------------------------------- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. ---------------------------------- _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
