On Thu, 2 Mar 2000, hUnTeR wrote:
> I hate to barge in here BUT, there is a security upgrade from P3 to P5,
> and i quote from the isc.org page:
Please read your own quote - it specifically says there are NO security
fixes.
> "ISC's BIND 8.2.2-P5 was released on November 12. It
> includes many new features, including the security
======================
> updates from 8.2.2-P3. If you are running a version of
======================
== including the same security fixes 8.2.2-P3 has
> BIND prior to 8.2.2-P3, we strongly recommend
=================
== If you're running 8.2.2-P3 or higher, there's no need to upgrade
> And to further my insistance that there are patches in P5 related to
> security here is an interesting URL from their website:
>
> http://www.isc.org/products/BIND/bind-security-19991108.html
Quoting from that page:
version nxt sig naptr maxdname solinger fdmax
8.2.2 p2+ - - - - - -
Vulnerable: '+', Not Vulnerable: '-', Feature does not exist: ' '
In clear text, 8.2.2p3 does not have any known security problems.
> where it discusses the bugs and the various release patches for their
> bind code. I would build your own and get it from the vendor, rather
> than be hacked waiting for a patch update or new RPM release from redhat
The P5 RPM has been around for ages (rawhide, 6.2 beta). If you don't
believe me that P3 is ok, install that. (It has some additional fixes the
ISC version doesn't have).
> (no offense, but its isc's code, and they are MUCH quicker at fixing
> exploits than redhat is).
Because they're MUCH quicker releasing untested code.
LLaP
bero
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
