On Mon, 22 Oct 2007, Indunil Jayasooriya wrote: > On 10/22/07, Ralph Angenendt <ra+centos at br-online.de> wrote: > > > > Indunil Jayasooriya wrote: > > > > > > Hi, > > > Centos 4.4 comes with bind 9.2.x. I want to upgrade it to > > bind > > > bind-9.3.3-9.x as bind 9.2.x had a security hole. > > > > Which one which isn't fixed in bind-9.2.4-27.0.1.el4? > > Thanks for your quick respone. > > pls see below URL. > > http://www.net-security.org/secworld.php?id=5366 > > We discussed about it in this list. see below URLs > > http://lists.centos.org/pipermail/centos/2007-July/084180.html > http://lists.centos.org/pipermail/centos/2007-July/084186.html Indunil, The correct solution to deal with this security issue is to update to the latest bind of CentOS 4, which already provided a backported fix for this problem in CentOS 4. By rebuilding a package of CentOS 5 and running it on CentOS 4, you will no longer receive automatically any new security fixes from CentOS 4. Because you have manually upgraded your CentOS 4 bind to a newer version than Red Hat supports. As a consequence of your actions, you will have to rebuild *every* bind release from CentOS 5 on your CentOS 4 box yourself. For no real good reason. -- -- dag wieers, dag at centos.org, http://dag.wieers.com/ -- [Any errors in spelling, tact or fact are transmission errors]