
#1 2007-01-29 04:58:23

ckristi
Member
From: Bucharest, Romania
Registered: 2006-11-21
Posts: 225

New ISC BIND packages [Security Advisory]

Hi there.

A new version of BIND 9.3.x (9.3.4) has been released addressing a DoS vulnerability as seen on SecurityFocus:
http://www.securityfocus.com/bid/22231
I don't know what the "legal" procedure is, maybe I had to mark the bind package as old before posting or something, but I just wanted to let the developers know about this.

Thanks for paying attention... now I'll go and mark bind as old.

Last edited by ckristi (2007-01-30 06:22:08)


In love I believe and in Linux I trust

Offline

#2 2007-01-30 22:09:23

ckristi
Member
From: Bucharest, Romania
Registered: 2006-11-21
Posts: 225

Re: New ISC BIND packages [Security Advisory]

Come on.. This is an important package for people who run Arch as a server and no change in bind's state up till now?


In love I believe and in Linux I trust

Offline

#3 2007-01-30 22:15:37

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: New ISC BIND packages [Security Advisory]

If you need it urgently, you can build the new version yourself using ABS (Arch Build System). The maintainer will update the package as soon as he has the time.

Offline

#4 2007-01-30 22:45:06

ckristi
Member
From: Bucharest, Romania
Registered: 2006-11-21
Posts: 225

Re: New ISC BIND packages [Security Advisory]

Thanks for the answer. I am using Arch as my primary workstation OS. And I am a very happy user. But I think it feels bad to see, for example, updates for beryl and not for a security advisory. I am kind of a "Linux literate". I will always use Slackware for a server due to its stability. But the speed of Arch and the ease of using it made me think that at some point I could switch at least my home server to Arch, too. Also I can and, if that's the case, will compile my possibly vulnerable program from sources before an updated package is in the repo (and if I or some security advisory site thinks it is a critical vulnerability). I was just thinking about people who think they're safe if they run "pacman -Syu" at least every day and who don't have "securityfocus dot com" or some other security advisory site in their bookmarks menu. I am one of the people who just occasionally visits securityfocus.com just to see how serious a problem is. And now, what dragged me to securityfocus was the update of bind in Slackware and Fedora which happened 4-5 days ago and no bind update for Arch.


In love I believe and in Linux I trust

Offline

#5 2007-01-31 00:30:30

byte
Member
From: Düsseldorf (DE)
Registered: 2006-05-01
Posts: 2,046

Re: New ISC BIND packages [Security Advisory]

Do you host your domain on your Arch box with DNSSEC enabled? If not, you don't need to worry.


1000

Offline

#6 2007-01-31 04:44:06

ckristi
Member
From: Bucharest, Romania
Registered: 2006-11-21
Posts: 225

Re: New ISC BIND packages [Security Advisory]

I know. I just said it's not about me. Thanks for trying to calm me down. ;-) I've read at some point on this forum about creating a team of forum members interested in watching security advisories and alerting the developers about new security releases. If this is going to happen, I wanna be _in_.


In love I believe and in Linux I trust

Offline

#7 2007-02-04 12:16:56

ckristi
Member
From: Bucharest, Romania
Registered: 2006-11-21
Posts: 225

Re: New ISC BIND packages [Security Advisory]

Still no bind update. What's going on?
I don't wanna be a pain, but... why?



Cristi


In love I believe and in Linux I trust

Offline

#8 2007-02-04 15:45:27

_Pi
Member
From: CT
Registered: 2005-07-07
Posts: 26

Re: New ISC BIND packages [Security Advisory]

tomk wrote:

If you need it urgently, you can build the new version yourself using ABS (Arch Build System). The maintainer will update the package as soon as he has the time.

Translation: Maintainers = Lazy.

Gaim didn't have an update for months, and b6 is bugged to the teeth and they updated to that.
Plus Beryl to people is ooo shiny and a daemon is like something out of sight out of mind. I do feel for you though; being Linux literate myself it's kinda hard to see reasoning for some of the stuff that is going on with the repo. I think basically updates run on popular demand basis. Beryl will probably always come first.

Offline

#9 2007-02-04 16:56:12

ckristi
Member
From: Bucharest, Romania
Registered: 2006-11-21
Posts: 225

Re: New ISC BIND packages [Security Advisory]

Thanks for the upgrade. Better later than never.


In love I believe and in Linux I trust

Offline
