A new DNS vulnerability has been found!
hm, i wonder how long it will take for Centos to release that patch. I hope this year......
Debian already has released the security update for bind.
thx for the heads up. just updated.
Jus little advice.
<div class='quote'>Use FreeBSD.</div>
Because FreeBSD doesn't run BIND! Oh, wait...it does run BIND. What were you saying, again? ;-)
Check out the forum guidelines!
What does FreeBSD have to do with BIND ?
If there is a security issue with a program it does care what distro it is because all will have the same security weakness that's why we UPDATE !
opps *doesn't* care
Apparently this exploit is in the wild now.
who cares - everyone should be updated by now and if they aren't they need to start paying attention to there distro's updates.
If you are scared that your DNS is crap look at http://www.doxpara.com/ -- BTW the Apple idiots FAILED to update there DNS servers LOL
Yep, everybody needs to update BIND immediately, if you haven't already. It primarily effects recursive name servers, as it is a cache poisoning exploit--I don't believe it effects authoritative service at all, which is what most folks use BIND for in a Virtualmin system--but have trustworthy name service at all points in the chain is absolutely vital for security.
Imagine downloading a piece of software...asking for PHP.net, and instead getting badguys.net instead, which happens to have a complete mirror of the PHP.net website, and an exploited copy of PHP for you to download. Just an example, of course, and I expect most Virtualmin users are using RPM or deb packages, which are signed in modern systems--so you can know if you're getting a package from a trustworthy source or not, even if the download is compromised somehow.
Centos as a bind update available. I just installed it via yum.