On Fri, Feb 18, 2011 at 2:19 PM, Always Learning <centos@xxxxxxxxxx> wrote:
>
> Larry, please take my advice and get help or, at the very least, talk to
> someone about the matters troubling you. It is bad to hold everything
> inside you. Please share your problems with someone you can relate to.
> It is for your own benefit.
Paul, I did as you suggest. An extract of said post is below the
sig. There wasn't a single response (I could be wrong about that, but
don't believe that is the case at this time).
kind regards/ldv/vaden@xxxxxxxxxx
---------- Forwarded message ----------
From: Larry Vaden <vaden@xxxxxxxxxx>
Date: Sun, Jan 23, 2011 at 8:03 PM
Subject: sources of bind-9.7.2-P3 rpms for Centos 4.8 and 5.5?
To: centos@xxxxxxxxxx
Our site running Centos 4.8 and 5.5 name servers was hacked with the
result that www.yahoo.com is now within our /19 and causing some
grief.
Google hasn't led me to an RPM for bind-9.7.2-P3 nor has the search
facility at centos.org. ÂHowever, it is obvious from said searches
that Mandriva upgraded last year.
An attempt to install bind-9.7.2-P3 from source yields the warning
below the sig for both 4.8 and 5.5 machines.
Does anyone know of RPMs that address the security issues involved?
RANT: does anyone know of the upstream's justification for providing
such old code?
kind regards/ldv
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â WARNING
WARNING     Your OpenSSL crypto library may be vulnerable to    ÂWARNING
WARNING     one or more of the the following known security     WARNING
WARNING Â Â Â Â flaws: Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â ÂWARNING
WARNING Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â WARNING
WARNING     CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and     WARNING
WARNING Â Â Â Â CVE-2006-2940. Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â ÂWARNING
WARNING Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â WARNING
WARNING Â Â Â Â It is recommended that you upgrade to OpenSSL Â Â Â Â Â WARNING
WARNING Â Â Â Â version 0.9.8d/0.9.7l (or greater). Â Â Â Â Â Â Â Â Â Â WARNING
WARNING Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â WARNING
WARNING Â Â Â Â You can disable this warning by specifying: Â Â Â Â Â Â WARNING
WARNING Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â WARNING
WARNING        --disable-openssl-version-check          WARNING
WARNING Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
[root@shell bind-9.7.2-P3]# cat /etc/redhat-release
CentOS release 5.5 (Final)
[root@shell bind-9.7.2-P3]#
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
