Re: BIND vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wed, Jul 29, 2009 at 5:59 PM, David Hrbáč<hrbac.conf@xxxxxxxxx> wrote:> RedShift napsal(a):>> According to a commenter, this should provide a temporary countermeasure:>>>> iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'>>>> Haven't tested it, would like to know the results...>>>> Well, good point, but Centos does not ship libipt_u32.so. Even more> Centos 4.x is now undergoing rebuild process, so no updates even> security updates are being released. Which is something I can accept.>> Those looking for patched bind for Centos 4.x may use packages I have> built with CVE-2009-0696 patch.> http://fs12.vsb.cz/hrb33/el4/hrb/testing/i386/repoview/letter_b.group.html> http://fs12.vsb.cz/hrb33/el4/hrb/testing/x86_64/repoview/letter_b.group.html
Well done, David but there's a little problem with those rpms:Preparing...                ########################################### [100%]        package bind-libs-9.2.4-30.el4_7.2 (which is newer thanbind-libs-9.2.4-30.el4.hrb.2.1) is already installed        package bind-utils-9.2.4-30.el4_7.2 (which is newer thanbind-utils-9.2.4-30.el4.hrb.2.1) is already installed        package bind-9.2.4-30.el4_7.2 (which is newer thanbind-9.2.4-30.el4.hrb.2.1) is already installed        package bind-chroot-9.2.4-30.el4_7.2 (which is newer thanbind-chroot-9.2.4-30.el4.hrb.2.1) is already installedMaybe you can bump the version a bit.
>> Regards,> David Hrbáč>>>>>>>>>> _______________________________________________> CentOS mailing list> CentOS@xxxxxxxxxx> http://lists.centos.org/mailman/listinfo/centos>_______________________________________________CentOS mailing listCentOS@xxxxxxxxxxxxxx://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux