Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 3 Aug 2015 12:14:39 +0300
From: gremlin@...mlin.ru
To: owl-users@...ts.openwall.com
Subject: Re: bind (was: new Owl ISOs & templates)

On 2015-08-02 10:50:44 +0300, Solar Designer wrote:

 > these incorporate packages with security fixes accumulated over
 > this period, most notably including fixes for
[...]
 > BIND TKEY query DoS (CVE-2015-5477).

During the update of my servers, I found we should move the config
files into a separate bind-default-config subpackage. Those are:

/etc/control.d/facilities/ (could be the bind-control subpackage)
/etc/named.conf
/etc/rndc.conf
/var/lib/bind/etc/
/var/lib/bind/zone/

Also, absolutely all files in the /usr/share/doc/bind* should be
moved to bind-doc subpackage (neither should be left in the main
package): people who may want to read something beyond the manual
pages generally are able to install bind-doc :-)


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ