On Mon, Sep 07, 2015 at 12:24:36PM +0300, stavrostseriotis wrote: > I have a RedHat 5.11 machine and currently I am facing the issue > with BIND vulnerability CVE-2015-5477. I cannot update my BIND > using yum because I didn't install BIND from RedHat at the first > place so I need to do it manually.
Did you keep notes on what you did originally? This would be an excellent time to refer to those notes. > I downloaded the package of version 9.9.7-P2 from isc website but > since it is not an rpm file I have to build it myself. Before you go any further you might as well grab the P3 version. CVEs-2015-5722 & -5986 are fixed therein. Granted those are not as serious as CVE-2015-5477 (which has a trivial exploit published), but it cannot hurt to have the later fixes. I concur with the other posters; rpmbuild is the best way to deviate from Red Hat's own packages. You will see that a contributor to this list maintains SRPMs for the latest BIND 9 releases. With the SRPM and rpmbuild it's not much more effort to stay current than it is to "yum upgrade bind9" from Red Hat's repo of long-past-EOL software. There's nothing wrong with such deviation; in fact it's extremely important to do so for your mission critical software. But it requires a better understanding of the OS than you seem to have. > I am wondering if you can give me a little guideline on how to > build and install the new version. I would suggest that you invest some time in learning Red Hat basic administration skills, and with it some shell basics, and you will become able to diagnose and fix these problems on your own. Good luck. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users