<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
<br>
On 02/24/2011 01:08 PM, Machin, Greg wrote:
<blockquote
cite="mid:5A60B6471183E64BBD45354D494DD609025D2097@GARFIELD.topnz.ac.nz"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Arial CYR";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
-->
</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi.<o:p></o:p></p>
<p class="MsoNormal">I have had an enquiry from the Network and
Security guy. He
wants to know why CentOS 5.5 /RHEL 5 is using a very old
version of bind “bind-chroot-9.3.6-4.P1.el5_5.3”
when the latest release that has many security fixes is on
9.7.3 . I understand
that its to maintain a known stable platform by in introducing
new elements etc
.. Is there an official explanation / document that I can
direct him to.<o:p></o:p></p>
</div>
</blockquote>
<br>
Hi Greg<br>
<br>
Probably an idea to point your N&S guys at the RH 'backporting'
Page -
<a class="moz-txt-link-freetext" href="https://access.redhat.com/security/updates/backporting/?sc_cid=3093">https://access.redhat.com/security/updates/backporting/?sc_cid=3093</a><br>
<br>
Basically, the version is kept the same to minimise impact on users,
whilst bugfixes and security errata from future versions are
'backported' to the version that ships with the relevant RHEL
version.<br>
<br>
Also worthwhile pointing them at the BIND CVE in the Redhat
Bugzilla, which advises on the impact on the RHEL versions -
<a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0414">https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0414</a><br>
<br>
<br>
Regards<br>
<br>
Steve<br>
</body>
</html>