On Fri, Nov 18, 2011 at 6:11 AM, Jack Tavares <j.tava...@f5.com> wrote:
> Thank you again. And I agree that upgrading is the best option, however
> I was looking for any possible mitigations to the problem for the
> (unfortunately unavoidable) period of time it will take vendors
> to provide patched bind servers.

Which "vendors" are you talking about? AFAIK most Linux distros have
special release policy w.r.t. critical security updates, so they
should be available not long after a CVE was published. For example:
https://www.isc.org/software/bind/advisories/cve-2011-4313 => Nov 16
https://rhn.redhat.com/errata/RHSA-2011-1458.html => updated package
available on Nov 17

Another alternative (if you can't wait one day) is to build the
package yourself, assuming you have sufficient knowledge about patches
and your distro's build system (e.g. rebuilding SRPM).

-- 
Fajar