On Thu, 2011-02-24 at 15:08 +1300, Machin, Greg wrote:
I have had an enquiry from the Network and Security guy. He wants to know why CentOS 5.5 /RHEL 5 is using a very old version of bind “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many security fixes is on 9.7.3 . I understand that its to maintain a known stable platform by in introducing new elements etc .. Is there an official explanation / document that I can direct him to.
It is my understanding the security issue neither affects the Red Hat version of Bind nor the Centos derivative for operating system releases 4 and 5.
This subject was mentioned here with some passion in the last 48 hours but I don't keep copies.
Please suggest to your "guy" he needs to do some Googling to find recent emails from this mailing list and other sources which may provide further information.