[nycbug-talk] BIND vulnerability
Charles Sprickman
spork at bway.net
Tue Jul 8 22:30:39 EDT 2008
Just in case you haven't seen this elsewhere yet:
http://www.kb.cert.org/vuls/id/800113
http://www.kb.cert.org/vuls/id/MIMG-7ECL7M
I wonder if that "notification date" for FreeBSD is to be believed?
There's currently no updates to the ports. I run 9.3.5 and was able to
build the patched version within ports by doing the following:
-editing the distinfo file like so:
MD5 (bind-9.3.5-P1.tar.gz) = 1446984f552b18a0ff7db63971a0cb5a
SHA256 (bind-9.3.5-P1.tar.gz) = 8bd6b53f5a2c5f0332aaba9a51ef3d7fc55c60f906f0c506
e11b6600ed82a90b
SIZE (bind-9.3.5-P1.tar.gz) = 5626167
MD5 (bind-9.3.5-P1.tar.gz.asc) = 3680754939a9af0b1f6bb733a3a8fb3b
SHA256 (bind-9.3.5-P1.tar.gz.asc) = cf312c8a4c2cf1c07a473d2ff6db597a0677c5f8a79b
4e7d3f7333663a862a5c
SIZE (bind-9.3.5-P1.tar.gz.asc) = 479
-editing the port Makefile to reflect the new filename:
# ISC releases things like 9.3.0rc1, which our versioning doesn't like
ISCVERSION= 9.3.5-P1
Built clean on 6.3, running it for about an hour now.
Perhaps others can share any info on the ports/pkg systems for other BSDs?
Of course anyone who's been running DNSSEC before today is welcome to pipe
up with any good tips on getting that beast going for a ton of zones...
Charles
___
Charles Sprickman
NetEng/SysAdmin
Bway.net - New York's Best Internet - www.bway.net
spork at bway.net - 212.655.9344
More information about the talk
mailing list