<br><br><div><span class="gmail_quote">On 10/22/07, <b class="gmail_sendername">Ralph Angenendt</b> <<a href="mailto:ra+centos@br-online.de">ra+centos@br-online.de</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Indunil Jayasooriya wrote:<br>><br>>    [admin@juwel ~]$ rpm -q --changelog bind-libs|grep CVE<br>><br>>      - fixed cryptographically weak query id generator (CVE-2007-2926)<br>>      So that has been fixed, as you have been told on Jul 25th. Why bring
<br>>      that up again?<br>><br>>    Really sorry.<br>>    I also checked. pls see below.<br>>    [root@mailgw named]# rpm -q --changelog bind-libs|grep CVE<br>>    - added fix for #225222: CVE-2007-0494 BIND dnssec denial of service
<br><br>So which version of bind is that? </blockquote><div><br>[root@mailgw named]# rpm -qa |grep bind<br><br>bind-utils-9.2.4-24.EL4<br>bind-libs-9.2.4-24.EL4<br>bind-9.2.4-24.EL4<br>bind-chroot-9.2.4-24.EL4<br><br> </div>
Did you update it?  <br><br>I now checked. the below are the latest @ CentOS 4 branch. I am going to update to the below.<br><br><br><a href="http://isoredirect.centos.org/centos/4/updates/i386/RPMS/bind-9.2.4-27.0.1.el4.i386.rpm">
http://isoredirect.centos.org/centos/4/updates/i386/RPMS/bind-9.2.4-27.0.1.el4.i386.rpm</a><br><a href="http://isoredirect.centos.org/centos/4/updates/i386/RPMS/bind-chroot-9.2.4-27.0.1.el4.i386.rpm">http://isoredirect.centos.org/centos/4/updates/i386/RPMS/bind-chroot-9.2.4-27.0.1.el4.i386.rpm
</a><br><a href="http://isoredirect.centos.org/centos/4/updates/i386/RPMS/bind-libs-9.2.4-27.0.1.el4.i386.rpm">http://isoredirect.centos.org/centos/4/updates/i386/RPMS/bind-libs-9.2.4-27.0.1.el4.i386.rpm</a><br><a href="http://isoredirect.centos.org/centos/4/updates/i386/RPMS/bind-utils-9.2.4-27.0.1.el4.i386.rpm">
http://isoredirect.centos.org/centos/4/updates/i386/RPMS/bind-utils-9.2.4-27.0.1.el4.i386.rpm</a><br><br><br><br></div>-- <br>Thank you<br>Indunil Jayasooriya<br>