On Fri, 31 Jul 2015 13:15:53 +0200 "Carlos E. R." wrote:

On 2015-07-31 12:29, P.Suetterlin@royac.iac.es wrote:

...

Hi list,

I'm running a server that is still on 12.3 (update scheduled for autumn).

You should change that schedule :-)

If P.Sutterlin can manage to patch his server himself, then autumn upgrade seems right to me. If he upgrades to 13.1 today, he will need to upgrade again in about a year. If he waits until November, he can install Leap, which I believe will be the next Evergreen release, and have support for at least two more years. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On Fri, 31 Jul 2015 16:44:59 +0200 "Carlos E. R." wrote:

On 2015-07-31 16:33, Andrew McGinnis wrote:

...

If P.Sutterlin can manage to patch his server himself,

If that's the only hole... :-?

Agreed, there will likely be more holes. If P. Sutterlin continues to monitor software vulnerabilities, as he seems to have been doing, he may be alright until November; it will be very time-consuming though. However he chooses to upgrade, he should probably upgrade to an Evergreen release. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On 2015-07-31 17:16, P.Suetterlin@royac.iac.es wrote:

And thanks Carlos for your legitimate concerns. I think it's the only current hole - but you never know. The update should have been in spring but had to be delayed due to personal reasons, and during summer I cannot do that....

Sure :-) We can not always do what we wish. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

Hi Wolfgang, thanks for the detailed info! Wolfgang Rosenauer wrote:

according to https://kb.isc.org/article/AA-01272 it says: 9.1.0 -> 9.8.x, 9.9.0->9.9.7-P1, 9.10.0->9.10.2-P2

I interpret that it affects all versions between 9.9.0 and 9.9.7-P1.

Indeed makes sense that way.

Therefore I prepared an update for Evergreen/11.4. Updates for 13.1 and 13.2 seem to be on their way.

So you really would need to patch your Bind on 12.3.

Will do.

I just compared the Evergreen/11.4 and 12.3 version and you should be able to safely build the same package for 12.3. If you are familiar with OBS that would be easy to do.

Guess I'll grab the srpm and build myself :) Thanks again! Pit -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org