On Mon, 22 Oct 2007, Indunil Jayasooriya wrote:
On 10/22/07, Ralph Angenendt ra+centos@br-online.de wrote:
Indunil Jayasooriya wrote:
Hi, Centos 4.4 comes with bind 9.2.x. I want to upgrade it to
bind
bind-9.3.3-9.x as bind 9.2.x had a security hole.
Which one which isn't fixed in bind-9.2.4-27.0.1.el4?
Thanks for your quick respone.
pls see below URL.
http://www.net-security.org/secworld.php?id=5366We discussed about it in this list. see below URLs
http://lists.centos.org/pipermail/centos/2007-July/084180.html http://lists.centos.org/pipermail/centos/2007-July/084186.html
Indunil,
The correct solution to deal with this security issue is to update to the latest bind of CentOS 4, which already provided a backported fix for this problem in CentOS 4.
By rebuilding a package of CentOS 5 and running it on CentOS 4, you will no longer receive automatically any new security fixes from CentOS 4. Because you have manually upgraded your CentOS 4 bind to a newer version than Red Hat supports.
As a consequence of your actions, you will have to rebuild *every* bind release from CentOS 5 on your CentOS 4 box yourself. For no real good reason.