From owner-freebsd-stable Fri Jan 14 13:34:48 2000 Delivered-To: freebsd-stable@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 2736D14C33 for ; Fri, 14 Jan 2000 13:34:46 -0800 (PST) (envelope-from bright@fw.wintelcom.net) Received: (from bright@localhost) by fw.wintelcom.net (8.9.3/8.9.3) id NAA02189; Fri, 14 Jan 2000 13:57:03 -0800 (PST) Date: Fri, 14 Jan 2000 13:57:03 -0800 From: Alfred Perlstein To: Clifton Royston Cc: freebsd-stable@FreeBSD.ORG Subject: Re: Bind version in 3.3RELEASE Message-ID: <20000114135702.E508@fw.wintelcom.net> References: <20000114111536.E8127@lava.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <20000114111536.E8127@lava.net>; from cliftonr@lava.net on Fri, Jan 14, 2000 at 11:15:37AM -1000 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG * Clifton Royston [000114 13:39] wrote: > I noticed 3.3Release, which I installed recently, is running Bind > 8.2.1 which has known security vulnerabilities including a possible root > compromise exploit. > > I did not see this mentioned in the errata page for 3.3 at > > > The ISC recommends running Bind 8.2.2P5. Is Bind 8.2.2P5 > incorporated into the latest -stable build, so that I'll get it if I > start doing CTM or CVS updates? Or is it preferable to grab the > sources direct from ISC? 2 options: a) upgrade entire system to 3-stable, it's pretty easy: pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/CVSup/cvsupit.tgz read: http://www.freebsd.org/handbook/makeworld.html b) get the latest bind port: pkg_add ftp://ftp.freebsd.org/pub/FreeBSD/CVSup/cvsupit.tgz cd /usr/ports/net/bind8/ && make install I would choose 'A' if the server is not yet in production, or 'B' if your uptime is more valuable than a fresher system. good luck, -Alfred To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message