Ashish wrote: > This is regarding the recent security threat CVE-2009-0025. > > We are using DNS 9.3.0 and unfortunately, we cannot upgrade (management > issues) to 9.3.6 (As suggested in ISC website) > > ISC’s website suggests to Upgrade OpenSSL to at least OpenSSL 0.9.8j and > then to upgrade to 9.3.6-P1. > > Could you please advice how can I upgrade OpenSSL? Since we could not > upgrade DNS is there any other alternative for us. Could we apply the > same patch of 9.3.6-P1 on 9.3.0? Will it help resolving this issue?
I suggest that you first attempt to "patch" the "management issues" that are locking you into the use of code that has known issues and is well past End-Of-Life. Beyond that, you can follow the instructions in the section of https://www.isc.org/node/389 labeled "Workarounds" / "9.3.0" that explains how to disable the use of the DSA algorithm. AlanC
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
