[csw-users] Help test new BIND 9.4.2-P1 that fix critical security flaw

Peter Bonivart bonivart at blastwave.org
Thu Jul 10 01:58:30 CEST 2008


I have built a new version of BIND since the current one has a
critical security flaw and everyone running a caching DNS needs to
upgrade, more info here: http://www.kb.cert.org/vuls/id/800113.

Please help me test it so we can release it quickly. I have gotten a
few positive reports (and no negative) so it should be relatively safe
to test but as always, try it on a non-production server first.

Note to those running an older version than the current unstable
package (9.4.1-P1): the paths to configuration files and zone files
have changed to ease having /opt/csw NFS-mounted. You're now supposed
to have named.conf and such in /etc/opt/csw and zones and such in
/var/opt/csw/named. By modifying /etc/init.d/cswnamed you can keep
your old paths if you like. Also, some defaults in BIND have changed,
e.g. allow-recursion so check your named.conf. This has nothing to do
with the new package, it was introduced in 9.4.1-P1 but I wanted to
warn you if you're doing a larger jump because of the security flaw
and get into trouble because of the changes.

http://www.blastwave.org/testing/bind-9.4.2,REV=2008.07.09_rev=p1-SunOS5.8-i386-CSW.pkg.gz
http://www.blastwave.org/testing/bind-9.4.2,REV=2008.07.09_rev=p1-SunOS5.8-sparc-CSW.pkg.gz

Please report back, either to the list or to me directly, whether you
have success or not so we can release it officially to unstable as
quickly as possible.

/peter

-- 
EB White  - "Be obscure clearly."



More information about the users mailing list