The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Bind Version

Discussion in 'Security' started by pgolding, Jun 18, 2014.

  1. pgolding

    pgolding Member

    Joined:
    Feb 13, 2012
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi

    I am running release tier 11.44.0.13 (WHM and Cpanel) - my version of BIND is showing as unsupported - how can i update to the latest release - all of my system updates are set to automatic

    MY OS is Centos 5.10

    I am no guru and would really appreciate any advice as how to make my BIND version compliant

    Thank you

    Paul
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Bind is updated through your system package manager (YUM). Could you clarify where it shows up as unsupported?

    Thank you.
     
  3. pgolding

    pgolding Member

    Joined:
    Feb 13, 2012
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi Michael

    I use McAfee Secure to check platform and it returns this as a result

    EOL/Obsolete Software: ISC BIND 9.1.x - 9.5.x Detected - 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.69.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6

    Thank you

    Paul
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The OS vendor backports patches, known as CVEs, for Bind. You can use the following command to verify this:

    Code:
    rpm -q --changelog bind | grep CVE
    Thank you.
     
  5. pgolding

    pgolding Member

    Joined:
    Feb 13, 2012
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi Michael

    I ran the command and it appears I am back ported, the version though still seems to be 'v9_3_3b1 - unless I am not seeing correctly. Any ideas?
    Code:
    rpm -q --changelog bind | grep CV
    - fix CVE-2012-5166
    - fix CVE-2012-4244
    - fix CVE-2012-3817
    - fix CVE-2012-1667 and CVE-2012-1033
    - fixes for CVE-2010-3762, CVE-2010-3613 and CVE-2010-3614
      CVE-2010-0097)
    - improve fix for CVE-2009-4022 (#538744)
    - fix CVE-2009-0696 (#514292)
      - bind-9.3-CVE-2008-1447.patch
      - bind-9.3-CVE-2008-0122.patch
    - CVE-2008-1447
    - CVE-2008-0122 (small buffer overflow in inet_network)
    - CVE-2007-6283 (#419421)
    - fixed cryptographically weak query id generator (CVE-2007-2926)
    - added fix for #224445 - CVE-2007-0493 BIND might crash after
    - added fix for #225229 - CVE-2007-0494 BIND dnssec denial of service
    - added upstream patch for correct SIG handling - CVE-2006-4095
    - backport selected fixes from upstream bind9 'v9_3_3b1' CVS version:
    
    Thank you

    Paul
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  7. pgolding

    pgolding Member

    Joined:
    Feb 13, 2012
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi Michael

    That was after running Yum :-(

    Thank you

    Paul
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    A test machine running CentOS 5.10 shows:

    Code:
    rpm -qa|grep bind
    bind-libs-9.3.6-20.P1.el5_8.6
    bind-libs-9.3.6-20.P1.el5_8.6
    bind-utils-9.3.6-20.P1.el5_8.6
    bind-9.3.6-20.P1.el5_8.6
    bind-devel-9.3.6-20.P1.el5_8.6
    bind-devel-9.3.6-20.P1.el5_8.6
    ypbind-1.19-12.el5_6.1
    Are you using any custom repos with YUM in /etc/yum.repos.d/ ? Do you have "bind" excluded in your /etc/yum.conf file?

    Thank you.
     
  9. pgolding

    pgolding Member

    Joined:
    Feb 13, 2012
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi Michael

    Can you please post in the syntax I need to be able to check please, I am not familiar with Centos - I am a Windows engineer by trade

    Thank you for your help

    Paul
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Feel free to open a support ticket so we can take a closer look. System package issues are often outside our scope of support, but we should be able to determine if you are using custom repos or if updates are failing. Post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  11. pgolding

    pgolding Member

    Joined:
    Feb 13, 2012
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Hi Michael

    Before I open a call I managed to view my yum.conf file

    exclude=bind-chroot courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* my sql* nsd* perl* php* proftpd* pure-ftpd* ruby* spamassassin* squirrelmail*

    Does this help you at all?

    Thanks

    Paul
     
Loading...

Share This Page