Upgrade/Patch Bind

Diskusi tentang Ubuntu Server baik webserver, database server, samba server dan service lainnya serta jaringan menggunakan Sistem Operasi Ubuntu.
User avatar
444HH
Posts: 4
Joined: 27 Jul 2013, 23:58

Upgrade/Patch Bind

Postby 444HH » 28 Jul 2013, 00:05

Permisis Juragan2,

mau tanya cara upgrade/patch bind, udah keliling2 tapi nemu cara upgrade/patch bukan buat Ubuntu...
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: Upgrade/Patch Bind

Postby q_p » 28 Jul 2013, 00:54

Lebih spesifik mas, kalau upgrade dari v-berapa ke v-berapa ? Kalau mau patch, apa yang kurang dari bind sehingga perlu patching ?
User avatar
444HH
Posts: 4
Joined: 27 Jul 2013, 23:58

Re: Upgrade/Patch Bind

Postby 444HH » 28 Jul 2013, 21:33

ini dapet email dari millis :
>>>>>>
>>>>>>
Guys, ini ada peringatan keamanan dari ISC tentang DNS BIND yang dapat mengakibatkan
terjadinya sistem DNS anda crash.

Terjemahan versi Bahasa Indonesianya sedang disiapkan oleh ID-CERT dan akan
dibagikan terlebih dahulu kepada Anggota/Mitra/Pendukung.

Terima kasih,
Ahmad Alkazimy
ID-CERT

IMPORTANT: The security issue described below has been confirmed by ISC
to be 'in the wild' as of 18:00UTC July 26, and exploitation of this
vulnerability against production servers has been reported by multiple
organizations. Please be advised that immediate action is recommended. A specially
crafted query can cause BIND to terminate
CVE: CVE-2013-4854
Document Version: 2.0
Posting date: 26 July 2013
Program Impacted: BIND
Versions affected: Open source: 9.7.0->9.7.7, 9.8.0->9.8.5-P1, 9.9.0->9.9.3-P1,
9.8.6b1 and 9.9.4b1; Subscription: 9.9.3-S1 and 9.9.4-S1b1
Severity: Critical
Exploitable: Remotely
Description: A specially crafted query that includes malformed rdata can cause named
to terminate with an assertion failure while rejecting the malformed query. BIND 9.6
and BIND 9.6-ESV are unaffected by this problem. Earlier branches of BIND 9 are
believed to be unaffected but have not been tested. BIND 10 is also unaffected by
this issue. Please Note: All versions of BIND 9.7 are known to be affected, but
these branches are beyond their "end of life" (EOL) and no longer receive testing or
security fixes from ISC. For current information on which versions are actively
supported, please see
http://www.isc.org/downloads/software-s ... re-status/. Impact:
Authoritative and recursive servers are equally vulnerable. Intentional exploitation
of this condition can cause a denial of service in all nameservers running affected
versions of BIND 9. Access Control Lists do not provide any protection from
malicious clients. In addition to the
named server, applications built using libraries from the affected source
distributions may crash with assertion failures triggered in the same fashion. CVSS
Score: 7.8 CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C) For more information on
the Common Vulnerability Scoring System and
to obtain your specific environmental score please visit:
http://nvd.nist.gov/cvss.cfm?calculator ... :N/I:N/A:C)
Workarounds: No known workarounds at this time. Active exploits: Crashes have been
reported by multiple ISC customers. First observed in the wild on 26 July 2013,
18:00 UTC. Solution: Upgrade to the patched release most closely related to your
current version of BIND. Open source versions can all be downloaded from
http://www.isc.org/downloads. Subscription version customers will be contacted
directly by ISC Support regarding delivery. BIND 9 version 9.8.5-P2 BIND 9 version
9.9.3-P2 BIND 9 version 9.9.3-S1-P1 (Subscription version available via DNSco)
Acknowledgements: ISC would like to thank Maxim Shudrak and the HP Zero Day
Initiative for reporting this issue. Document Revision History: 1.0 Phase One
Advance
Notification, 18 July 2013 1.1 Phases Two and Three Advance Notification, 26 July
2013 2.0 Notification to public (Phase Four), 26 July 2013 Related Documents:
Spanish Translation: planned Japanese Translation:
https://kb.isc.org/article/AA-01023 Portuguese Translation:
https://kb.isc.org/article/AA-01021 See our BIND Security Matrix for a complete
listing of Security
Vulnerabilities and versions affected. This Knowledge Base article
https://kb.isc.org/article/AA-01016 provides additional information and Frequently
Asked Questions about
this advisory. If you'd like more information on our product support or about our
Subscription versions of BIND, please visit http://www.dns-co.com/solutions Do you
still have questions? Questions regarding this advisory
should go to security-officer@isc.org. To report a
new issue,
please encrypt your message using
security-officer@isc.org's PGP
key which can be found here:
https://www.isc.org/downloads/software- ... penpgp-key If you are unable
to use encrypted email, you may also report new
issues at: https://www.isc.org/mission/contact/. Note: ISC patches only currently
supported versions. When possible we indicate EOL versions affected. ISC Security
Vulnerability Disclosure Policy: Details of our current security advisory policy and
practice can be found here: ISC Software Defect and Security Vulnerability
Disclosure Policy This Knowledge Base article https://kb.isc.org/article/AA-01015 is
the complete and official security advisory document. Legal Disclaimer: Internet
Systems Consortium (ISC) is providing this notice on an "AS IS" basis. No warranty
or guarantee of any kind is expressed in this notice and none should be implied. ISC
expressly excludes and disclaims any warranties regarding this notice or materials
referred to in this notice, including, without limitation, any implied warranty of
merchantability, fitness for a particular purpose, absence of hidden defects, or of
non-infringement. Your use or reliance on this notice or
materials referred to in this notice is at your own risk. ISC may change this
notice at any time. A stand-alone copy or paraphrase of the text of this document
that omits the document URL is an uncontrolled copy. Uncontrolled copies may lack
important information, be out of date, or contain factual errors. (c) 2001-2013
Internet Systems Consortium
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: Upgrade/Patch Bind

Postby q_p » 28 Jul 2013, 22:25

Saya menggunakan "BIND 9.8.1-P1", sekitar tanggal 25-26 sering crash. Apa ada hubungannya dengan ini ya ? Dari mailling yang anda lampirkan, solusi yang ditawarkan =
  • Upgrade to the patched release most closely related to your current version of BIND.
  • Open source versions can all be downloaded from http://www.isc.org/downloads.
  • Subscription version customers will be contacted directly by ISC Support regarding delivery.
  • BIND 9 version 9.8.5-P2, BIND 9 version 9.9.3-P2 dan BIND 9 version 9.9.3-S1-P1 (Subscription version available via DNSco)
Untuk BIND 9 version 9.9.3-S1-P1 =
http://www.linuxfromscratch.org/blfs/vi ... /bind.html
User avatar
444HH
Posts: 4
Joined: 27 Jul 2013, 23:58

Re: Upgrade/Patch Bind

Postby 444HH » 29 Jul 2013, 15:10

bisa jadi om,
detail status bind disini http://www.isc.org/downloads/software-s ... re-status/
User avatar
sipelaut
Posts: 1963
Joined: 03 Jan 2010, 17:25
Location: madura-sampang
Contact:

Re: Upgrade/Patch Bind

Postby sipelaut » 30 Jul 2013, 12:22

heheheee... ane makek unbound
lom pernah ngalamin crash..
mungkin karena difungsikan buat ngecache kali yaahh ???
User avatar
q_p
Posts: 3109
Joined: 14 Oct 2012, 13:01
Contact:

Re: Upgrade/Patch Bind

Postby q_p » 30 Jul 2013, 13:32

Pakai dua-duanya secara bergiliran. pas ngoprek bind, unbound bisa dijadikan pegangan. Tinggal dimainkan 'update-rc.d"

Return to “Ubuntu Server”

Who is online

Users browsing this forum: No registered users and 33 guests