> > Hi all,
> >
> > there is an updated Bind9 RPM on the CentOS + BlueQuartz
> YUM repository.
> >
> > Anyone who is running a DNS server on his BlueQuartz should
> urgently run
> > "yum
> > update" and install the updated Bind 9 RPM - if your server
> hasn't already
> > fetched it automatically last night.
> >
> > The updated and therefore fixed Bind 9 RPMs have the
> following version
> > numbers:
> >
> > bind-utils-9.2.4-27.0.1.el4
> > bind-libs-9.2.4-27.0.1.el4
> > bind-9.2.4-27.0.1.el4
> > bind-chroot-9.2.4-27.0.1.el4
> >
> > More information on the problem:
> >
> > http://isc.sans.org/diary.html?storyid=3181
> >
> > The problem with the vulnerable Bind 9 is quite severe.
> Basically an
> > attacker
> > can poison your DNS cache quite easily and can therefore
> redirect traffic
> > to
> > other hosts than the ones you (or your users) intended to
> go to. Turning
> > off
> > DNS caching prevents this, but for many users this isn't an option.
> >
> > Poisoning should usually be very difficult, because it
> should be next to
> > impossible to guess or interpolate the correct 16-bit
> transaction ID, as
> > there are more than 65000 different combinations possible.
> >
> > However, the Bind programmers screwed up and an attacker
> just has to do
> > one
> > query, check the transaction ID and interpolate three of
> the 16 bits to
> > guess
> > the next valid transaction ID. Three bits boils down to 10 possible
> > combinations, so it can be brute-forced easily.
> >
> > --
> > With best regards,
> >
> > Michael Stauber
> > http://www.solarspeed.net
>
> Michael
>
>
> In updating one of my servers I get:
> xorg-x11-xfs-6.8.2-1.EL.1 100% |=========================|
> 264 kB 00:00
> ---> Package xorg-x11-xfs.i386 0:6.8.2-1.EL.19 set to be updated
> --> Running transaction check
> --> Processing Dependency: /usr/bin/ttmkfdir for package: xorg-x11-xfs
> --> Processing Dependency: xorg-x11-libs = 6.8.2-1.EL.19 for package:
> xorg-x11-xfs
> --> Restarting Dependency Resolution with new changes.
> --> Populating transaction set with selected packages. Please wait.
> ---> Package ttmkfdir.i386 0:3.0.9-20.el4 set to be updated
> --> Running transaction check
> --> Processing Dependency: xorg-x11-libs = 6.8.2-1.EL.19 for package:
> xorg-x11-xfs
> --> Finished Dependency Resolution
> Error: Missing Dependency: xorg-x11-libs = 6.8.2-1.EL.19 is needed by
> package xorg-x11-xfs
>
>
> Anyone have any ideas on how to fix this?
>
>
> For now I just did a
> yum update bind
> which seems to update it.
>
>
> ----
> Ken Marcus
Could you install xorg-x11-libs = 6.8.2-1.EL.19 manually, say from Dag's
repo?
I just had similar problem while updating clamav: had to install 1 from 4
packages manually (clamav-db), then just intuitively re-run yum and -
rejoice! It had installed without major glitches.
The only thing: it re-installed the installed package again.
Another weirdness: after installing that package manually and BEFORE I run
yum again, I checked with rpm - it has no clue about that package, although
seconds earlier I saw rpm successfully installing it - ??
Anyway, it works now.
Best,
--
Arthur Sherman