Hi, Am 31.07.2015 um 12:29 schrieb P.Suetterlin@royac.iac.es:
I'm running a server that is still on 12.3 (update scheduled for autumn). There has been a security alert concerning bind (CVE-2015-5477), and now I wonder if I need to do something.
Acording to heise.de (http://www.heise.de/newsticker/meldung/Kritische-Luecke-in-DNS-Server-Softwa..., in german) affected versions are 9, 9.1.0, 9.9.7-P1 Und 9.10.2-P2
12.3 (like 13.1) has 9.9.4P2, so I thought I'm safe, but today arrived an update for this exact version for 11.4 Evergreen.
Are there others still running bind on 12.3? What are you doing?
according to https://kb.isc.org/article/AA-01272 it says: 9.1.0 -> 9.8.x, 9.9.0->9.9.7-P1, 9.10.0->9.10.2-P2 I interpret that it affects all versions between 9.9.0 and 9.9.7-P1. Therefore I prepared an update for Evergreen/11.4. Updates for 13.1 and 13.2 seem to be on their way. So you really would need to patch your Bind on 12.3. I just compared the Evergreen/11.4 and 12.3 version and you should be able to safely build the same package for 12.3. If you are familiar with OBS that would be easy to do. Wolfgang -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org