[Note: this is not an exploit... it is simply a precaution you would like to take in order not to get hit by any future named exploit discovered. RH6.2 apparently is safe, RH6.1 apparently isn't, don't know about other distributions. To check, run "ps axu | fgrep named". If the output shows "root" in the first column, please either run named as another user, or wait for your vendor to provide a solution -- Raju] ------------------------------------- Linux-Mandrake Security Update ------------------------------------- Package: bind Affected versions: 6.1 7.0 Problem: By default bind is launched as user and group root. This setting can give the possibility to easily exploit vulnerabities in bind. Thanks to Nicolas MONNET <nico at MONNET.TO> for his contribution. Please upgrade to: md5sum: 185c51a554cd1c2fedf42f002ba8f01f package: 6.1/RPMS/bind-8.2.2P5-6mdk.i586.rpm md5sum: 39757dd3b1157685a486fc2c7afe2855 package:6.1/RPMS/bind-devel-8.2.2P5-6mdk.i586.rpm md5sum: 507e45161ec6f9cbfb17dcf06d0831f0 package:6.1/RPMS/bind-utils-8.2.2P5-6mdk.i586.rpm md5sum: eeffc6a7d2c7813931a2bbcb8da05a79 source: 6.1/SRPMS/bind-8.2.2P5-6mdk.src.rpm md5sum: 95ccd87693c8e3c870f1bccd2842489b package:7.0/RPMS/bind-8.2.2P5-6mdk.i586.rpm md5sum: 31a1b33c3cf2013ea14ac1d0432a2785 package:7.0/RPMS/bind-devel-8.2.2P5-6mdk.i586.rpm md5sum: ce92d5be31c4675e5ec21e4a76815633 package:7.0/RPMS/bind-utils-8.2.2P5-6mdk.i586.rpm md5sum: eeffc6a7d2c7813931a2bbcb8da05a79 source: 7.0/SRPMS/bind-8.2.2P5-6mdk.src.rpm To upgrade automatically, use � MandrakeUpdate �. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and uprade with "rpm -Uvh package_name". All mirrors are listed on http://www.mandrake.com/en/ftp.php3 Updated packages are available in the "updates/" directory. For example, if you are looking for an updated RPM package for Mandrake 7.0, look for it in: updates/7.0/RPMS/ Note: we give the md5 sum for each package. It lets you check the integrity of the downloaded package by running the md5sum command on the package ("md5sum package.rpm"). -- MandrakeSoft Inc http://www.mandrakesoft.com In travel. --Chmouel ----------------------------------------------------------------------- Check out the 'What to do before posting to the list' site for a list of things to try before posting. The site is at http://botsie.tripod.com/beforeposting/
