Re: bind9, SELinux, ServFail




On Thu, Jul 10, 2008 at 10:39 PM, Meenoo Shivdasani <meenoo@xxxxxxxxx> wrote:
> To be more accurate, I installed the patched version of BIND which
> randomizes the source port to address the latest DNS vulnerability.

Did you update the "selinux-policy" package at the same time?

On my system I have bind-9.3.4-6.0.1.P1.el5_2 and
selinux-policy-2.4.6-137.1.el5, both of them were signed at
approximately the same time, and were installed at approximately the
same time on my system, which tells me they most probably came from
the same update (it's easy to confirm that by looking at the
centos-announce mails).

Also:

$ rpm -q --changelog selinux-policy
* Tue Apr 29 2008 Dan Walsh <dwalsh@xxxxxxxxxx> 2.4.6-137.1
- Allow named to bind to any udp port
Resolves: #451971
...

Well, I'm almost positive that is what you are missing.

HTH,
Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
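
The check suggested in the reply above, as an added example that is not part of the original post: it scans `rpm -q --changelog selinux-policy` output for the "named ... any udp port" entry and reports which policy release carries it. The function names and the second changelog entry are constructed for illustration; the first entry is the one quoted in the mail.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original post.

# Read `rpm -q --changelog <pkg>` output on stdin and print the
# version-release of the first entry whose notes contain the text in $1
# (case-insensitive). Exit status 1 means no entry mentions it.
policy_release_with_fix() {
    awk -v pat="$1" '
        /^\* / { rel = $NF }    # entry header: last field is version-release
        /^- / && index(tolower($0), tolower(pat)) { print rel; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample input. The first entry is the changelog text quoted in
# the mail; the second is a placeholder so the parser sees more than one entry.
sample_changelog() {
    cat <<'EOF'
* Tue Apr 29 2008 Dan Walsh <dwalsh@xxxxxxxxxx> 2.4.6-137.1
- Allow named to bind to any udp port
Resolves: #451971
* Tue Jan 01 2008 Example Packager <packager@example.invalid> 0.0.0-0
- Constructed placeholder entry
EOF
}

# On a live system: show both packages with their install times, then check
# whether the installed policy's changelog contains the named UDP port rule.
report_named_policy() {
    rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE} installed %{INSTALLTIME:date}\n' \
        bind selinux-policy
    if rel=$(rpm -q --changelog selinux-policy |
             policy_release_with_fix 'named to bind to any udp port'); then
        echo "policy rule for randomized named source ports present since $rel"
    else
        echo "installed selinux-policy has no such changelog entry; update it"
        return 1
    fi
}

# Run the live check only when asked, e.g. `sh check.sh live`.
if [ "${1:-}" = "live" ]; then
    report_named_policy
fi
```

If the install times of `bind` and `selinux-policy` differ widely and the changelog entry is missing, the patched BIND is running under a policy that predates the rule.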
