[BlueOnyx:04462] Re: (no subject)
Jeff Folk
jefffolk at mac.com
Wed May 12 15:31:57 -05 2010
On May 12, 2010, at 2:46 PM, webmaster wrote:
>
> Running BX everything is up to date using yum (I thknk)
>
> Webmin tells me that my version of bind is BIND version 9.3.6.
> Correct?
>
> Anyway. I am dealing with PCI compliance issues for a client and my
> server guy says that I have BIND version 9.3.6 DNS cache poisioning
>
> This true?
Maybe... probably not...
Most distros, CentOS included, issue patches throughout its lifespan.
They may not go to bind 9.4, but the vulnerability is usually patched
quickly. Our current version and release of bind is this:
[root at box1 admin]# rpm -q bind
bind-9.3.6-4.P1.el5_4.2
The P1 is supposed to address that vulnerability.
http://lwn.net/Alerts/370490/
Ours was updated:
Jan 21 06:04:23 Updated: 30:bind-chroot-9.3.6-4.P1.el5_4.2.i386
Jan 21 06:04:13 Updated: 30:bind-chroot-9.3.6-4.P1.el5_4.2.i386
Jan 21 06:04:08 Updated: 30:bind-utils-9.3.6-4.P1.el5_4.2.i386
Jan 21 06:04:08 Updated: 30:bind-9.3.6-4.P1.el5_4.2.i386
Jan 21 06:04:08 Updated: 30:bind-libs-9.3.6-4.P1.el5_4.2.i386
More information about the Blueonyx
mailing list