07/03/2012 01:16 AM, Oscar Ricardo Silva wrote:
>> I *THINK* I found the reason for why we're exposed to this bug ...
>> It would appear that Red Hat based their BIND package on 9.8.2rc1.
>> Guess where the patch for this bug was applied? 9.8.2rc2.
> Are you sure about this?
> From what I can see in our local yum repo of the RHEL6 ISOs, it
> shipped with bind 9.7.
> Sure that isn't a local package, or you're joined into a
> non-production channel?
Nope, not 100% sure of this but I strongly suspect this is the case. We
recently had to update the BIND package on RHEL6 to address this
vulnerability:
CVE-2012-1667
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667
and in the process of upgrading, were given
bind-9.8.2-0.10.rc1.el6:32.i686. It was while looking at the source for
that package (bind-9.8.2-0.10.rc1.el6.src.rpm) that I found the file
bind-9.8.2rc1.tar.gz
According to the changelog on that package, they changed the numbering
from 9.7 to 9.8 starting in February of this year:
******************************
2012-02-15 12:00:00
.... 32:9.8.2-0.3.rc1:
2011-12-20 12:00:00
.... 32:9.7.3-10.P3:
******************************
Oscar