reg - BIND 9.3.0 - CVE-2009-0025
Alan Clegg
Alan_Clegg at isc.org
Wed Jan 28 12:09:01 UTC 2009
Ashish wrote:
> This is regarding the recent security threat CVE-2009-0025.
>
> We are using DNS 9.3.0 and unfortunately, we cannot upgrade (management
> issues) to 9.3.6 (As suggested in ISC website)
>
> ISC’s website suggests to Upgrade OpenSSL to at least OpenSSL 0.9.8j and
> then to upgrade to 9.3.6-P1.
>
> Could you please advice how can I upgrade OpenSSL? Since we could not
> upgrade DNS is there any other alternative for us. Could we apply the
> same patch of 9.3.6-P1 on 9.3.0? Will it help resolving this issue?
I suggest that you first attempt to "patch" the "management issues" that
are locking you into the use of code that has known issues and is well
past End-Of-Life.
Beyond that, you can follow the instructions in the section of
https://www.isc.org/node/389 labeled "Workarounds" / "9.3.0" that
explains how to disable the use of the DSA algorithm.
AlanC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20090128/6e12532b/attachment.bin>
More information about the bind-users
mailing list