trigger point for new bug
Fajar A. Nugraha
work at fajar.net
Sun Nov 20 21:35:16 UTC 2011
On Fri, Nov 18, 2011 at 6:11 AM, Jack Tavares <j.tavares at f5.com> wrote:
> Thank you again. And I agree that upgrading is the best option, however
> I was looking for any possible mitigations to the problem for the
> (unfortunately unavoidable) period of time it will take vendors
> to provide patched bind servers.
Which "vendors" are you talking about? AFAIK most linux distros have
special release policy w.r.t. critical security updates, so they
should be available not long after a CVE was published. For example:
https://www.isc.org/software/bind/advisories/cve-2011-4313 => Nov 16
https://rhn.redhat.com/errata/RHSA-2011-1458.html => updated package
available on Nov 17
Another alternative (if you can't wait one day) is to build the
package yourself, assuming you have sufficient knowldege about patches
and your distro's build system (e.g. rebuilding SRPM).
--
Fajar
More information about the bind-users
mailing list