[CentOS] Bind Problem or Update SSL?

Fri Feb 18 22:27:06 UTC 2011
Nico Kadel-Garcia <nkadel at gmail.com>

On Fri, Feb 18, 2011 at 4:15 PM, Always Learning <centos at g7.u22.net> wrote:
>> From: Larry Vaden <vaden at texoma.net>
>> Date: Sun, Jan 23, 2011 at 8:03 PM
>> Subject: sources of bind-9.7.2-P3 rpms for Centos 4.8 and 5.5?
>
>
>> Our site running Centos 4.8 and 5.5 name servers was hacked with
>> the result that www.yahoo.com is now within our /19 and causing
>> some grief.
>
> Don't understand what you mean by 'within our /19'. Have your IP ranges
> changed?  If your Bind data is corrupt, why not re-install Centos and
> then restore the domains data from one of your regular backups?
>
> Is it a wise business decision to use C 4.8 instead of C 5 or the latest
> which is C 5.5 ?
>
>> Google hasn't led me to an RPM for bind-9.7.2-P3 nor has the
>> search facility at centos.org.  However, it is obvious from said
>> searches that Mandriva upgraded last year.
>
> I believe C6 will include an updated Bind.

It's also in RHEL 5.6, so I expect it in CentOS 5.6, from the SRPM
bind97-9.7.0-6.P2.el5.src.rpm. Grab that one from your nearest RedHat
SRPM repository, such as mirrors.kernel.org/redhat/, if you're in a rush.

>> An attempt to install bind-9.7.2-P3 from source yields the warning
>> below the sig for both 4.8 and 5.5 machines.
>
>> WARNING WARNING WARNING WARNING WARNING ..........
>>
>> Your OpenSSL crypto library may be vulnerable to .....
>> one or more of the the following known security ....
>> flaws:
>>
>> CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and
>> CVE-2006-2940.
>>
>> It is recommended that you upgrade to OpenSSL
>> version 0.9.8d/0.9.7l (or greater).
>
> Well, on my C 5.5 desktop my OpenSSL is (yum info openssl)
>
> Name       : openssl
> Arch       : x86_64
> Version    : 0.9.8e
> Release    : 12.el5_5.7
> Size       : 3.4 M
>
> The same version for i686.
>
> Larry, why can't you install the latest OpenSSL ?
>
> On C 5.5 the latest Bind is 9.3.6 (Release: 4.P1.el5_5.3)
>
> If you really need the latest Bind and can not wait about a month for C6
> why don't you use a different flavour of Linux?  In business one can not
> be too sentimental and difficult decisions have to be made all the time.
>
>
> With best regards,
>
> Paul.
> England,
> EU.