[opensuse] bind in OS 12.3
Hi list,

I'm running a server that is still on 12.3 (update scheduled for autumn). There has been a security alert concerning bind (CVE-2015-5477), and now I wonder if I need to do something.

According to heise.de (http://www.heise.de/newsticker/meldung/Kritische-Luecke-in-DNS-Server-Softwa..., in German) affected versions are 9, 9.1.0, 9.9.7-P1 and 9.10.2-P2

12.3 (like 13.1) has 9.9.4P2, so I thought I'm safe, but today arrived an update for this exact version for 11.4 Evergreen.

Are there others still running bind on 12.3? What are you doing?

Thanks,
Pit

--
Dr. Peter "Pit" Suetterlin http://www.astro.su.se/~pit
Institute for Solar Physics
Tel.: +34 922 405 590 (Spain) P.Suetterlin@royac.iac.es
      +46 8 5537 8507 (Sweden) Peter.Suetterlin@astro.su.se
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org

On Fri, 31 Jul 2015 13:15:53 +0200 "Carlos E. R." wrote:
> On 2015-07-31 12:29, P.Suetterlin@royac.iac.es wrote:
>> Hi list,
>> I'm running a server that is still on 12.3 (update scheduled for autumn).
>
> You should change that schedule :-)

If P.Sutterlin can manage to patch his server himself, then autumn upgrade seems right to me. If he upgrades to 13.1 today, he will need to upgrade again in about a year. If he waits until November, he can install Leap, which I believe will be the next Evergreen release, and have support for at least two more years.

On 2015-07-31 16:33, Andrew McGinnis wrote:
> If P.Sutterlin can manage to patch his server himself,

If that's the only hole... :-?

--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith))

On Fri, 31 Jul 2015 16:44:59 +0200 "Carlos E. R." wrote:
> On 2015-07-31 16:33, Andrew McGinnis wrote:
>> If P.Sutterlin can manage to patch his server himself,
>
> If that's the only hole... :-?

Agreed, there will likely be more holes. If P. Sutterlin continues to monitor software vulnerabilities, as he seems to have been doing, he may be alright until November; it will be very time-consuming though. However he chooses to upgrade, he should probably upgrade to an Evergreen release.

Andrew McGinnis wrote:
> On Fri, 31 Jul 2015 13:15:53 +0200 "Carlos E. R." wrote:
>> You should change that schedule :-)
>
> If P.Sutterlin can manage to patch his server himself, then autumn upgrade seems right to me. If he upgrades to 13.1 today, he will need to upgrade again in about a year. If he waits until November, he can install Leap, which I believe will be the next Evergreen release, and have support for at least two more years.

Hehe, thanks for the support. Was indeed my hope/idea, but I'll first wait for some user reactions.

And thanks Carlos for your legitimate concerns. I think it's the only current hole - but you never know. The update should have been in spring but had to be delayed due to personal reasons, and during summer I cannot do that....

Happy weekend,
Pit

On 2015-07-31 17:16, P.Suetterlin@royac.iac.es wrote:
> And thanks Carlos for your legitimate concerns. I think it's the only current hole - but you never know. The update should have been in spring but had to be delayed due to personal reasons, and during summer I cannot do that....

Sure :-) We can not always do what we wish.

--
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)

Hi,

On 31.07.2015 at 12:29, P.Suetterlin@royac.iac.es wrote:
> I'm running a server that is still on 12.3 (update scheduled for autumn). There has been a security alert concerning bind (CVE-2015-5477), and now I wonder if I need to do something.
> According to heise.de (http://www.heise.de/newsticker/meldung/Kritische-Luecke-in-DNS-Server-Softwa..., in German) affected versions are 9, 9.1.0, 9.9.7-P1 and 9.10.2-P2
> 12.3 (like 13.1) has 9.9.4P2, so I thought I'm safe, but today arrived an update for this exact version for 11.4 Evergreen.
> Are there others still running bind on 12.3? What are you doing?

According to https://kb.isc.org/article/AA-01272 it says: 9.1.0 -> 9.8.x, 9.9.0->9.9.7-P1, 9.10.0->9.10.2-P2

I interpret that it affects all versions between 9.9.0 and 9.9.7-P1. Therefore I prepared an update for Evergreen/11.4. Updates for 13.1 and 13.2 seem to be on their way.

So you really would need to patch your Bind on 12.3.

I just compared the Evergreen/11.4 and 12.3 version and you should be able to safely build the same package for 12.3. If you are familiar with OBS that would be easy to do.

Wolfgang
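
An added example, not part of the thread or any poster's code: the range reading of the version list quoted above, applied to the 9.9.4P2 string from the original question. The function names and the 9.8.999 stand-in for "9.8.x" are assumptions made for this sketch.

```python
import re

# Affected ranges as quoted in the thread from ISC article AA-01272.
# "9.8.x" is modelled here as "any 9.8 release" (assumption: patch <= 999).
AFFECTED_RANGES = [
    ("9.1.0", "9.8.999"),
    ("9.9.0", "9.9.7-P1"),
    ("9.10.0", "9.10.2-P2"),
]

# Accepts "9.9.4-P2" as well as the spelling "9.9.4P2" used in the thread.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-?P(\d+))?$", re.IGNORECASE)


def parse_bind_version(text):
    """Return (major, minor, patch, p_level); a missing -P suffix counts as 0."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        # Betas, release candidates and other suffixes are out of scope here.
        raise ValueError(f"unsupported BIND version string: {text!r}")
    major, minor, patch, p_level = match.groups()
    return (int(major), int(minor), int(patch), int(p_level or 0))


def in_affected_range(text):
    """True if the version lies inside one of the ranges quoted in the thread."""
    version = parse_bind_version(text)
    # Integer tuples compare numerically, so 9.10.x sorts after 9.9.x
    # (a plain string comparison would get that wrong).
    return any(
        parse_bind_version(low) <= version <= parse_bind_version(high)
        for low, high in AFFECTED_RANGES
    )


if __name__ == "__main__":
    # Constructed sample inputs: the 12.3 version from the thread, the range
    # boundaries, and the first patch level above each upper bound.
    for sample in ("9.9.4P2", "9.9.7-P1", "9.9.7-P2", "9.10.2-P2", "9.10.2-P3"):
        print(sample, in_affected_range(sample))
```

A True result reflects the upstream version string only; a distribution package can carry the fix under an unchanged version, as with the 11.4 Evergreen update for this same 9.9.4P2 mentioned in the thread, so the package changelog decides whether a given build is patched.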

Hi Wolfgang,

thanks for the detailed info!

Wolfgang Rosenauer wrote:
> According to https://kb.isc.org/article/AA-01272 it says: 9.1.0 -> 9.8.x, 9.9.0->9.9.7-P1, 9.10.0->9.10.2-P2
> I interpret that it affects all versions between 9.9.0 and 9.9.7-P1.

Indeed makes sense that way.

> Therefore I prepared an update for Evergreen/11.4. Updates for 13.1 and 13.2 seem to be on their way.
> So you really would need to patch your Bind on 12.3.

Will do.

> I just compared the Evergreen/11.4 and 12.3 version and you should be able to safely build the same package for 12.3. If you are familiar with OBS that would be easy to do.

Guess I'll grab the srpm and build myself :)

Thanks again!
Pit

participants (4)
- Andrew McGinnis
- Carlos E. R.
- P.Suetterlin@royac.iac.es
- Wolfgang Rosenauer