Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-08 Thread Reindl Harald 



Am 08.09.2015 um 06:46 schrieb stavrostseriotis:

Ok here is what I did:

·After extracting the package I looked out at directories
*/usr/local/bin *and */usr/local/sbin *as mentioned in the procedure but
I found that there are no files there.


man updatedb
man locate


·I run *configure* command *without openssl* because I had trouble with
the openssl library when it was enabled. Also since I am not currently
using DNSSEC I guess that this is not a problem.


confiure pretty sure says what install prefix is used


·Then I run *make* and I didn’t get any error.

·I run *make install* and I didn’t get any error again.

·Stopped named service

·I copied the /etc/named.conf file and then created another empty file
as instructed with the correct permissions.

·Started named service. It started normally without any error and also
the process that was up is the same as before.

·When I do *named –V* and also *rpm –q bind* I still see the same
versions as before.

Yes I know that if I was using the RedHat package I wouldn’t had this
problem because I already do this for other linux machines. Just this
machine is old and when it was configured to work as nameserver the guys
did it this way. Now we are in the process to build a new machine for
nameserver with RedHat subscription and everything but until that
happens it will be best if we can get rid of this security vulnerability
cause I don’t know how long it will take.

Thank you for your responses.

*From:*bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] *On Behalf Of *Timothe Litt
*Sent:* Monday, September 07, 2015 2:29 PM
*To:* bind-users@lists.isc.org
*Subject:* Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

Subject:

Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

From:

stavrostseriotis <stavrostserio...@semltd.com.cy>
<mailto:stavrostserio...@semltd.com.cy>

Date:

07-Sep-15 05:24

To:

bind-users@lists.isc.org <mailto:bind-users@lists.isc.org>

Hello,

I have a RedHat 5.11 machine and currently I am facing the issue
with BIND vulnerability CVE-2015-5477. I cannot update my BIND using
yum because I didn’t install BIND from RedHat at the first place so
I need to do it manually.

I downloaded the package of version 9.9.7-P2 from isc website but
since it is not an rpm file I have to build it myself.

I followed the instructions I found on website
https://deepthought.isc.org/article/AA-00768/0/Getting-started-with-BIND-ho
but it does not change the version of bind. I don’t know what I am
doing wrong.

I am wondering if you can give me a little guideline on how to build
and install the new version.

Thank you

"does not change the version of bind" - as reported how?  By named -V?
Or by a DNS query to version.bind CH TXT?

If the former, you probably have more than one named executable - with
the old one earlier in your PATH.  "which named" should help.  If the
latter, did you remember to restart named?  And did the restart
succeed?  And does your startup process have the same PATH as your
terminal?  (Often they do not.)

Re-read the instructions - and pay special attention to how you run
configure.  The default is to build/install in /usr/local/*bin - which
is not the default for most distributions' startup files.

I strongly recommend keeping track of each step as you build (a big
scrollback buffer helps).  Either write your own instructions, or turn
it into a script.  There are enough steps that it's easy to make a
mistake - and you will be re-building bind again to upgrade.  Plus, if
you ask for help, you will be able to provide the details of what you
did.  Without details of what you did and what you see, people can't
provide specific help.

Note that RedHat usually has a number of patches (often for SeLinux and
systemd) that you won't get if you build yourself from ISC sources.

Or remove bind and switch to the RedHat version.  You're paying RedHat
to do the maintenance, so unless you have local patches or very special
requirements, you might as well let them do the work.

Typically, if you really need the latest from ISC on RedHat you're
better off getting the SRC RPM from RedHat & modifying the rpmbuild
config file to fetch the latest ISC source, then build RPMs.  If you
stay with the same ISC code stream, you won't have too many patch
conflicts to resolve.  After you've done this once or twice, you'll want
to revisit you need for local changes - either decide they're not that
important, or offer them to ISC.  Maintaining a private version is work.




signature.asc
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-08 Thread Timothe Litt 

On 08-Sep-15 00:46, stavrostseriotis wrote:
>
> Ok here is what I did:
>
> · After extracting the package I looked out at directories
> */usr/local/bin *and */usr/local/sbin *as mentioned in the procedure
> but I found that there are no files there.
>
> · I run *configure* command *without openssl* because I had
> trouble with the openssl library when it was enabled. Also since I am
> not currently using DNSSEC I guess that this is not a problem.
>
> · Then I run *make* and I didn’t get any error.
>
> · I run *make install* and I didn’t get any error again.
>
> · Stopped named service
>
> · I copied the /etc/named.conf file and then created another
> empty file as instructed with the correct permissions.
>
> · Started named service. It started normally without any error
> and also the process that was up is the same as before.
>
> · When I do *named –V* and also *rpm –q bind* I still see the
> same versions as before.
>
>  
>
> Yes I know that if I was using the RedHat package I wouldn’t had this
> problem because I already do this for other linux machines. Just this
> machine is old and when it was configured to work as nameserver the
> guys did it this way. Now we are in the process to build a new machine
> for nameserver with RedHat subscription and everything but until that
> happens it will be best if we can get rid of this security
> vulnerability cause I don’t know how long it will take.
>
>  
>
> Thank you for your responses.
>
>  
>
You are not making it easy to diagnose your problem.  The exact commands
that you are using and command output are missing.

From your description, you successfully built named and installed it -
somewhere.

You are not running the image that you built.  To confirm the version of
what you built, from the build directory you can run "./bin/named/named
-V"  This will also show us the configure options, including where it
should have been installed.

If the process has the same ID, you didn't successfully stop the old
named.  This can happen if you have a mix of RedHat and non-RedHat
startup (init) files. 

If rpq -q bind shows a version, then there is a RedHat package on the
system & you are trying to supersede it.  You probably are using the
RedHat startup files, which may be different from what you expect.  As I
wrote previously, the startup environment may have a different PATH from
your terminal.

You should have stopped named BEFORE running make install.

Please provide the output of at least:
named -V; echo $PATH; (build-directory)/bin/named/named -V; systemctl
status named.service; find / -xdev -type f -name named -ls

A few lines from make install should confirm that the new file is being
installed where you expect it.

lsof -p (named's pid) will confirm which image is actually running.

systemctl show --all named.service will show what service you're trying
to start.
systemctl status named.service should match

Or run service named status & look in /etc/init.d/named if you're not
running systemd/named is a SYSV script on your version of RedHat.

You should not have trouble building with openssl.  Make sure that you
have the openssl-dev RPMs installed.  Don't try to build that from
source; RedHat heavily patches it & other packages depend on the changes.

Switching to the RedHat version of named may be your best option.  This
should not be difficult; make uninstall; yum install; edit the config. 
Depending on how your predecessors did things, you may need to yum
remove first, possibly with --force.


Timothe Litt

ACM Distinguished Engineer

--

This communication may not represent the ACM or my employer's views,

if any, on the matters discussed. 


> *From:*bind-users-boun...@lists.isc.org
> [mailto:bind-users-boun...@lists.isc.org] *On Behalf Of *Timothe Litt
> *Sent:* Monday, September 07, 2015 2:29 PM
> *To:* bind-users@lists.isc.org
> *Subject:* Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477
>
>  
>
> Subject:
>
> Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477
>
> From:
>
> stavrostseriotis <stavrostserio...@semltd.com.cy>
> <mailto:stavrostserio...@semltd.com.cy>
>
> Date:
>
> 07-Sep-15 05:24
>
>  
>
> To:
>
> bind-users@lists.isc.org <mailto:bind-users@lists.isc.org>
>
>  
>
> Hello,
>
>  
>
> I have a RedHat 5.11 machine and currently I am facing the issue
> with BIND vulnerability CVE-2015-5477. I cannot update my BIND
> using yum because I didn’t install BIND from RedHat at the first
> place so I need to do it manually.
>
> I downloaded the package of version 9.9.7-P2 from isc website but
&g

RE: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-08 Thread stavrostseriotis 
Yes you are right probably I will uninstall bind and install the RedHat
version.

This procedure took an awful lot time and is still in progress. So I guess
that this is the best option that I have.

 

Thank you

 

From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Timothe Litt
Sent: Tuesday, September 08, 2015 12:25 PM
To: bind-users@lists.isc.org
Subject: Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

 

 

On 08-Sep-15 00:46, stavrostseriotis wrote:

Ok here is what I did:

. After extracting the package I looked out at directories
/usr/local/bin and /usr/local/sbin as mentioned in the procedure but I found
that there are no files there.

. I run configure command without openssl because I had trouble with
the openssl library when it was enabled. Also since I am not currently using
DNSSEC I guess that this is not a problem.

. Then I run make and I didn't get any error.

. I run make install and I didn't get any error again.

. Stopped named service

. I copied the /etc/named.conf file and then created another empty
file as instructed with the correct permissions.

. Started named service. It started normally without any error and
also the process that was up is the same as before.

. When I do named -V and also rpm -q bind I still see the same
versions as before.

 

Yes I know that if I was using the RedHat package I wouldn't had this
problem because I already do this for other linux machines. Just this
machine is old and when it was configured to work as nameserver the guys did
it this way. Now we are in the process to build a new machine for nameserver
with RedHat subscription and everything but until that happens it will be
best if we can get rid of this security vulnerability cause I don't know how
long it will take.

 

Thank you for your responses.

 

You are not making it easy to diagnose your problem.  The exact commands
that you are using and command output are missing.

>From your description, you successfully built named and installed it -
somewhere.

You are not running the image that you built.  To confirm the version of
what you built, from the build directory you can run "./bin/named/named -V"
This will also show us the configure options, including where it should have
been installed.

If the process has the same ID, you didn't successfully stop the old named.
This can happen if you have a mix of RedHat and non-RedHat startup (init)
files.  

If rpq -q bind shows a version, then there is a RedHat package on the system
& you are trying to supersede it.  You probably are using the RedHat startup
files, which may be different from what you expect.  As I wrote previously,
the startup environment may have a different PATH from your terminal.

You should have stopped named BEFORE running make install.

Please provide the output of at least:
named -V; echo $PATH; (build-directory)/bin/named/named -V; systemctl status
named.service; find / -xdev -type f -name named -ls

A few lines from make install should confirm that the new file is being
installed where you expect it.

lsof -p (named's pid) will confirm which image is actually running.

systemctl show --all named.service will show what service you're trying to
start.
systemctl status named.service should match

Or run service named status & look in /etc/init.d/named if you're not
running systemd/named is a SYSV script on your version of RedHat.

You should not have trouble building with openssl.  Make sure that you have
the openssl-dev RPMs installed.  Don't try to build that from source; RedHat
heavily patches it & other packages depend on the changes.

Switching to the RedHat version of named may be your best option.  This
should not be difficult; make uninstall; yum install; edit the config.
Depending on how your predecessors did things, you may need to yum remove
first, possibly with --force.



Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 





From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Timothe Litt
Sent: Monday, September 07, 2015 2:29 PM
To: bind-users@lists.isc.org
Subject: Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

 


Subject: 

Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477


From: 

stavrostseriotis  <mailto:stavrostserio...@semltd.com.cy>
<stavrostserio...@semltd.com.cy>


Date: 

07-Sep-15 05:24

 


To: 

bind-users@lists.isc.org

 

Hello,

 

I have a RedHat 5.11 machine and currently I am facing the issue with BIND
vulnerability CVE-2015-5477. I cannot update my BIND using yum because I
didn't install BIND from RedHat at the first place so I need to do it
manually.

I downloaded the package of version 9.9.7-P2 from isc website but since it
is not an rpm file I

Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread stavrostseriotis 
Hello,

 

I have a RedHat 5.11 machine and currently I am facing the issue with BIND
vulnerability CVE-2015-5477. I cannot update my BIND using yum because I
didn't install BIND from RedHat at the first place so I need to do it
manually.

I downloaded the package of version 9.9.7-P2 from isc website but since it
is not an rpm file I have to build it myself.

I followed the instructions I found on website
https://deepthought.isc.org/article/AA-00768/0/Getting-started-with-BIND-ho
but it does not change the version of bind. I don't know what I am doing
wrong.

I am wondering if you can give me a little guideline on how to build and
install the new version.

 

Thank you

 

 



 



 

https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcS79CaU_8S9mEhkzaW9lc1m
vRchvB_mtZkfc1JH78T5dJvTx4sz

 

Cooperative Computer Society (S.E.M) Ltd

1306 Nicosia

P.O.B. 25037 CY

Tel: +357 22 553 300

Fax: +357 22 672 774

  www.semltd.com.cy

 

Stavros Tseriotis

Official D'

OS and Databases Management

  stavrostserio...@semltd.com.cy

 

 

 

 

 




The information in this e-mail and any of its attachments is confidential
and intended only for the individual to whom it is addressed. If you are
not the intended recipient you should immediately notify the sender and
delete the message and all of its attachments. Do not copy through
any means or use for any reason or reveal its content to anyone. This
message cannot be guaranteed to be secure or error-free or delivered
on time. The sender bears no responsibility for any virus, loss, disruption
or any other damage caused to the sender by the content of this email.
This email has been scanned by an antivirus.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread Reindl Harald 



Am 07.09.2015 um 11:24 schrieb stavrostseriotis:

I have a RedHat 5.11 machine and currently I am facing the issue with
BIND vulnerability CVE-2015-5477. I cannot update my BIND using yum
because I didn’t install BIND from RedHat at the first place so I need
to do it manually.

I downloaded the package of version 9.9.7-P2 from isc website but since
it is not an rpm file I have to build it myself.

I followed the instructions I found on website
https://deepthought.isc.org/article/AA-00768/0/Getting-started-with-BIND-ho
but it does not change the version of bind. I don’t know what I am doing
wrong.

I am wondering if you can give me a little guideline on how to build and
install the new version.


you need to install the new build at the same build-prefix as the 
running one while you from the begin should have built your own RPM with 
rpmbuild and a SPEC-file based on the redhat rpm-spec




signature.asc
Description: OpenPGP digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread Timothe Litt 
> Subject:
> Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477
> From:
> stavrostseriotis <stavrostserio...@semltd.com.cy>
> Date:
> 07-Sep-15 05:24
>
> To:
> bind-users@lists.isc.org
>
>
> Hello,
>
>  
>
> I have a RedHat 5.11 machine and currently I am facing the issue with
> BIND vulnerability CVE-2015-5477. I cannot update my BIND using yum
> because I didn’t install BIND from RedHat at the first place so I need
> to do it manually.
>
> I downloaded the package of version 9.9.7-P2 from isc website but
> since it is not an rpm file I have to build it myself.
>
> I followed the instructions I found on website
> https://deepthought.isc.org/article/AA-00768/0/Getting-started-with-BIND-ho
> but it does not change the version of bind. I don’t know what I am
> doing wrong.
>
> I am wondering if you can give me a little guideline on how to build
> and install the new version.
>
>  
>
> Thank you
>
"does not change the version of bind" - as reported how?  By named -V? 
Or by a DNS query to version.bind CH TXT?

If the former, you probably have more than one named executable - with
the old one earlier in your PATH.  "which named" should help.  If the
latter, did you remember to restart named?  And did the restart
succeed?  And does your startup process have the same PATH as your
terminal?  (Often they do not.)

Re-read the instructions - and pay special attention to how you run
configure.  The default is to build/install in /usr/local/*bin - which
is not the default for most distributions' startup files.

I strongly recommend keeping track of each step as you build (a big
scrollback buffer helps).  Either write your own instructions, or turn
it into a script.  There are enough steps that it's easy to make a
mistake - and you will be re-building bind again to upgrade.  Plus, if
you ask for help, you will be able to provide the details of what you
did.  Without details of what you did and what you see, people can't
provide specific help.

Note that RedHat usually has a number of patches (often for SeLinux and
systemd) that you won't get if you build yourself from ISC sources. 

Or remove bind and switch to the RedHat version.  You're paying RedHat
to do the maintenance, so unless you have local patches or very special
requirements, you might as well let them do the work. 

Typically, if you really need the latest from ISC on RedHat you're
better off getting the SRC RPM from RedHat & modifying the rpmbuild
config file to fetch the latest ISC source, then build RPMs.  If you
stay with the same ISC code stream, you won't have too many patch
conflicts to resolve.  After you've done this once or twice, you'll want
to revisit you need for local changes - either decide they're not that
important, or offer them to ISC.  Maintaining a private version is work.

Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 





smime.p7s
Description: S/MIME Cryptographic Signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread /dev/rob0 
On Mon, Sep 07, 2015 at 12:24:36PM +0300, stavrostseriotis wrote:
> I have a RedHat 5.11 machine and currently I am facing the issue 
> with BIND vulnerability CVE-2015-5477. I cannot update my BIND 
> using yum because I didn't install BIND from RedHat at the first 
> place so I need to do it manually.

Did you keep notes on what you did originally?  This would be an 
excellent time to refer to those notes.

> I downloaded the package of version 9.9.7-P2 from isc website but 
> since it is not an rpm file I have to build it myself.

Before you go any further you might as well grab the P3 version.
CVEs-2015-5722 & -5986 are fixed therein.  Granted those are not as 
serious as CVE-2015-5477 (which has a trivial exploit published), but 
it cannot hurt to have the later fixes.

I concur with the other posters; rpmbuild is the best way to deviate 
from Red Hat's own packages.  You will see that a contributor to this 
list maintains SRPMs for the latest BIND 9 releases.  With the SRPM 
and rpmbuild it's not much more effort to stay current than it is to 
"yum upgrade bind9" from Red Hat's repo of long-past-EOL software.

There's nothing wrong with such deviation; in fact it's extremely 
important to do so for your mission critical software.  But it 
requires a better understanding of the OS than you seem to have.

> I am wondering if you can give me a little guideline on how to 
> build and install the new version.

I would suggest that you invest some time in learning Red Hat basic 
administration skills, and with it some shell basics, and you will 
become able to diagnose and fix these problems on your own.

Good luck.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread stavrostseriotis 
Ok here is what I did:

. After extracting the package I looked out at directories
/usr/local/bin and /usr/local/sbin as mentioned in the procedure but I found
that there are no files there.

. I run configure command without openssl because I had trouble with
the openssl library when it was enabled. Also since I am not currently using
DNSSEC I guess that this is not a problem.

. Then I run make and I didn't get any error.

. I run make install and I didn't get any error again.

. Stopped named service

. I copied the /etc/named.conf file and then created another empty
file as instructed with the correct permissions.

. Started named service. It started normally without any error and
also the process that was up is the same as before.

. When I do named -V and also rpm -q bind I still see the same
versions as before.

 

Yes I know that if I was using the RedHat package I wouldn't had this
problem because I already do this for other linux machines. Just this
machine is old and when it was configured to work as nameserver the guys did
it this way. Now we are in the process to build a new machine for nameserver
with RedHat subscription and everything but until that happens it will be
best if we can get rid of this security vulnerability cause I don't know how
long it will take.

 

Thank you for your responses.

 

From: bind-users-boun...@lists.isc.org
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of Timothe Litt
Sent: Monday, September 07, 2015 2:29 PM
To: bind-users@lists.isc.org
Subject: Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

 


Subject: 

Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477


From: 

stavrostseriotis  <mailto:stavrostserio...@semltd.com.cy>
<stavrostserio...@semltd.com.cy>


Date: 

07-Sep-15 05:24

 


To: 

bind-users@lists.isc.org

 

Hello,

 

I have a RedHat 5.11 machine and currently I am facing the issue with BIND
vulnerability CVE-2015-5477. I cannot update my BIND using yum because I
didn't install BIND from RedHat at the first place so I need to do it
manually.

I downloaded the package of version 9.9.7-P2 from isc website but since it
is not an rpm file I have to build it myself.

I followed the instructions I found on website
https://deepthought.isc.org/article/AA-00768/0/Getting-started-with-BIND-ho
but it does not change the version of bind. I don't know what I am doing
wrong.

I am wondering if you can give me a little guideline on how to build and
install the new version.

 

Thank you

"does not change the version of bind" - as reported how?  By named -V?  Or
by a DNS query to version.bind CH TXT?

If the former, you probably have more than one named executable - with the
old one earlier in your PATH.  "which named" should help.  If the latter,
did you remember to restart named?  And did the restart succeed?  And does
your startup process have the same PATH as your terminal?  (Often they do
not.)

Re-read the instructions - and pay special attention to how you run
configure.  The default is to build/install in /usr/local/*bin - which is
not the default for most distributions' startup files.

I strongly recommend keeping track of each step as you build (a big
scrollback buffer helps).  Either write your own instructions, or turn it
into a script.  There are enough steps that it's easy to make a mistake -
and you will be re-building bind again to upgrade.  Plus, if you ask for
help, you will be able to provide the details of what you did.  Without
details of what you did and what you see, people can't provide specific
help.

Note that RedHat usually has a number of patches (often for SeLinux and
systemd) that you won't get if you build yourself from ISC sources.  

Or remove bind and switch to the RedHat version.  You're paying RedHat to do
the maintenance, so unless you have local patches or very special
requirements, you might as well let them do the work.  

Typically, if you really need the latest from ISC on RedHat you're better
off getting the SRC RPM from RedHat & modifying the rpmbuild config file to
fetch the latest ISC source, then build RPMs.  If you stay with the same ISC
code stream, you won't have too many patch conflicts to resolve.  After
you've done this once or twice, you'll want to revisit you need for local
changes - either decide they're not that important, or offer them to ISC.
Maintaining a private version is work.




Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed. 

 

 




The information in this e-mail and any of its attachments is confidential
and intended only for the individual to whom it is addressed. If you are
not the intended recipient you should immediately notify the sender and
delete the message and all of its attach

Re: Install BIND 9.9.7-P2 to fix vulnerability CVE-2015-5477

2015-09-07 Thread Carl Byington 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


> I have a RedHat 5.11 machine and currently I am facing the issue with
> BIND vulnerability CVE-2015-5477. I cannot update my BIND using yum
> because I didn't install BIND from RedHat at the first place so I need
> to do it manually.

You might look at http://www.five-ten-sg.com/mapper/bind - links to a
source rpm for 9.10.2-P4 that compiles and runs on RHEL/Centos 5 (and
others).


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAlXuUZgACgkQL6j7milTFsHm/QCffLw4Q1uEAv+F1FM/RgYSLuR5
xzkAni5YNcmGw3Y8Kxql3w34ZeddcUmH
=jf5M
-END PGP SIGNATURE-



___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users