It says "or upgrade to the patched release most closely related to your current version of BIND" then it lists the two versions to choose from.
9.9.2-P2 is fixed as is 9.9.3b2. Mark In message <cahu+3owixzjjofxz90yq8zs4e0kb8sx8h6n21pg_erdyur-...@mail.gmail.com>, Red Cricket writes: > > Hi, > > I am sorry for being so dense but I am confused about what to do about > protecting my BIND DNS servers running 9.9.1-P4 from the regex issue. > > The link https://kb.isc.org/article/AA-00871 says this ... > > Impact: > > ... Intentional exploitation of this condition can cause denial of service > in all authoritative and recursive nameservers running affected versions of > BIND 9 [all versions of BIND 9.7, BIND 9.8.0 through 9.8.5b1 (inclusive) > and BIND9.9.0 through BIND 9.9.3b1 (inclusive)]. > > OK ... I run 9.9.1-P4 so my DNS server could be affected by this issue. > But later on in the link it says ... > > Solution: > > Compile BIND 9 without regular expression support as described in the > "Workarounds" section of this advisory or upgrade to the patched release > most closely related to your current version of BIND. These can be > downloaded from http://www.isc.org/downloads/all. > > * BIND 9 version 9.9.2-P2 > > But its 9.9.2-P2 with in BIND9.9.0 through BIND 9.9.3b1? So is 9.9.2-P2 > also affected? If I build from the 9.9.2-P2 tarball do I need to patch the > config.h as discussed in the "Workarounds" section? > > Thanks > Red > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
