On 02/24/2011 01:08 PM, Machin, Greg wrote:
Hi.
I have had an enquiry from the Network and Security guy. He wants to know why CentOS 5.5 / RHEL 5 is using a very old version of bind "bind-chroot-9.3.6-4.P1.el5_5.3" when the latest release that has many security fixes is on 9.7.3. I understand that it's to maintain a known stable platform by in introducing new elements etc. Is there an official explanation / document that I can direct him to?
Hi Greg
Probably an idea to point your N&S guys at the RH 'backporting' page - https://access.redhat.com/security/updates/backporting/?sc_cid=3093
Basically, the version is kept the same to minimise impact on users, whilst bugfixes and security errata from future versions are 'backported' to the version that ships with the relevant RHEL version.
Also worthwhile pointing them at the BIND CVE in the Red Hat Bugzilla, which advises on the impact on the RHEL versions - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0414
Regards
Steve
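
An added example, not part of the original messages: because fixes are backported, an audit should read the package changelog rather than compare the upstream version string. The sketch below extracts CVE ids from text in the format printed by `rpm -q --changelog`; the sample changelog and the `CVE-0000-000x` ids are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a package for backported fixes via its RPM
# changelog instead of its upstream version number.

# Constructed sample in the format of `rpm -q --changelog <pkg>`.
# CVE-0000-0001 and CVE-0000-0002 are placeholders, not real ids.
sample_changelog() {
cat <<'EOF'
* Mon Jan 03 2011 Packager Name <packager@example.com> 30:9.3.6-4.P1.3
- fix placeholder issue (CVE-0000-0002)

* Tue Nov 30 2010 Packager Name <packager@example.com> 30:9.3.6-4.P1.2
- backport fix for placeholder issue CVE-0000-0001
- unrelated init script change, also mentions CVE-0000-0001
EOF
}

# Read changelog text on stdin, print each CVE id it mentions once.
changelog_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# cve_status CVE-ID  (changelog text on stdin)
#   backported : the changelog records a fix for this CVE
#   not-listed : no entry; the package may be unaffected or unpatched,
#                so consult the vendor's page for that CVE
cve_status() {
    if changelog_cves | grep -qx "$1"; then
        echo backported
    else
        echo not-listed
    fi
}

# Demo on the constructed sample. On a live host, feed real data:
#   rpm -q --changelog bind | cve_status CVE-2011-0414
for id in CVE-0000-0001 CVE-2011-0414; do
    printf '%s: %s\n' "$id" "$(sample_changelog | cve_status "$id")"
done
```

A `not-listed` result is not proof of exposure: the vendor's per-CVE Bugzilla entry, as linked in the reply above, states whether the shipped version is affected at all.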