Hi there.
A new version of BIND 9.3.x (9.3.4) has been released addressing a DoS vulnerability as seen on SecurityFocus:
http://www.securityfocus.com/bid/22231
I don't know what's the "legal" procedure, maybe I had to mark the bind package as old before posting or something, but I just wanted to let the developers know about this.
Thanks for paying attention... now I'll go and mark bind as old.
Last edited by ckristi (2007-01-30 06:22:08)
In love I believe and in Linux I trust
Come on.. This is an important package for people who run Arch as a server and no change in bind's state up till now?
In love I believe and in Linux I trust
If you need it urgently, you can build the new version yourself using ABS (Arch Build System). The maintainer will update the package as soon as he has the time.
Thanks for the answer. I am using Arch as my primary workstation OS. And I am a very happy user. But I think it feels bad to see, for example, updates for beryl and not for a security advisory. I am kind of a "Linux literate". I will always use Slackware for a server due to its stability. But the speed of Arch and the ease of using it made me think that at some point I could switch at least my home server to Arch, too. Also I can and, if that's the case, will compile my possibly vulnerable program from sources before an updated package is in the repo (and if I or some security advisory site thinks it is a critical vulnerability). I was just thinking about people who think they're safe if they run "pacman -Syu" at least every day and who don't have "securityfocus dot com" or some other security advisory site in their bookmarks menu. I am one of the people who just occasionally visit securityfocus.com to see how serious a problem is. And now, what dragged me to securityfocus was the update of bind in Slackware and Fedora which happened 4-5 days ago and no bind update for Arch.
In love I believe and in Linux I trust
Do you host your domain on your Arch box with DNSSEC enabled? If not, you don't need to worry.
1000
I know. I just said it's not about me. Thanks for trying to calm me down. ;-) I've read at some point on this forum about creating a team of forum members interested in watching security advisories and alerting the developers about new security releases. If this is going to happen, I wanna be _in_.
In love I believe and in Linux I trust
Still no bind update. What's going on?
I don't wanna be a pain, but... why?
Cristi
In love I believe and in Linux I trust
If you need it urgently, you can build the new version yourself using ABS (Arch Build System). The maintainer will update the package as soon as he has the time.
Translation: Maintainers = Lazy.
Gaim didn't have an update for months, and b6 is bugged to the teeth and they updated to that.
Plus Beryl to people is ooo shiny and a daemon is like something out of sight, out of mind. I do feel for you though; being Linux literate myself, it's kinda hard to see the reasoning for some of the stuff that is going on with the repo. I think basically updates run on a popular demand basis. Beryl will probably always come first.
Thanks for the upgrade. Better later than never.
In love I believe and in Linux I trust