HPE Community
Operating System - HP-UX
1835177 Members
2226 Online
110077 Solutions
New Discussion

HP Supported BIND Version

 
SOLVED
Go to solution
Kenneth Penland
Frequent Advisor

‎08-06-2007 05:22 AM

‎08-06-2007 05:22 AM

HP Supported BIND Version

It looks like BIND version 9.3.2 is the latest and greatest verion that is supported by HP currently. However there is a new CERT out that says that this version is vulnerable and to upgrade to at least 9.3.4-P1.
Does anyone know when HP will come out with a newer "supported" version?
0 Kudos
7 REPLIES 7
Steven E. Protter
Exalted Contributor

‎08-06-2007 05:43 AM

‎08-06-2007 05:43 AM

Re: HP Supported BIND Version

Shalom,

The HP supported version of BIND is provided by HP on http://software.hp.com

The site is down for me, but if you search for BIND, you will find it there.

HP does considerable testing on new releases to insure no negative impact on systems. They also have a mysterious (to me) method of deciding what releases to port and test.

If they decide to port and test its usually several months from when BIND is released and release of a new version of on the above site.

Critical security fixes are provided through binary release in some cases.

https://h30046.www3.hp.com/subprofile.php?SUBS=ITRC

You can sign up in the link above, which you may need to cut and paste into your browser.

If there is a binary response to this CERT, you will find it there.

Note also that unless you are exposed to the public Internet many CERT releases are important to deal with but need not be treated as production down emergencies.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Kenneth Penland
Frequent Advisor

‎08-06-2007 06:33 AM

‎08-06-2007 06:33 AM

Re: HP Supported BIND Version

The vulnerability I am referring to is:
ISC Bind Remote Cache Poisoning Vulnerability (IAVA 2007-A-0039)

and I can't seem to find it anywhere on HP's site. Even the CERT itself does not refer to HP's site, but rather www.isc.org for an "unaffected version".

what my security folks are asking me for is a date when there will be an HP supported version available, so I need to know if/when a new version will be released?
0 Kudos
A. Clay Stephenson
Acclaimed Contributor

‎08-06-2007 06:48 AM

‎08-06-2007 06:48 AM

Re: HP Supported BIND Version

One option would be to download the source from www.isc.org and build it yourself. A lot can be said for getting the product directly from the horse's mouth --- and ISC has patches for BIND and DHCP before anyone else. These are some of the few products I actually prefer to build rather than using HP's binaries --- sometimes because the new features that I need are available nowhere else and because the security patches are available quickly. I've never had a problem with security auditors as long as a given version is displayed BUT if it must be a supported version, you can get support from ISC as well.
If it ain't broke, I can fix that.
0 Kudos
Pete Randall
Outstanding Contributor

‎08-06-2007 06:49 AM

‎08-06-2007 06:49 AM

Re: HP Supported BIND Version

That's a tough question for a user forum to answer when you're really looking for an official HP response.

Your only hope is that an HP person that is active on the Forums has an answer for you.


Pete

Pete
0 Kudos
Kenneth Penland
Frequent Advisor

‎08-06-2007 07:37 AM

‎08-06-2007 07:37 AM

Re: HP Supported BIND Version

True..True... Pete..but I guess I was hoping for an answer like: "here is a link to HP's estimated software release dates web page" or something like that.

Problem I run into is being a government agency, we get orders from up on high saying we must be secure, but those same people also say we must use "supported" software provided by HP.

Thanks for your thoughts, this looks like it is going to have to be left up to the management folks to figure out.
0 Kudos
Sameer_Nirmal
Honored Contributor

‎08-06-2007 08:32 AM

‎08-06-2007 08:32 AM

Solution

Re: HP Supported BIND Version

As per the SECURITY BULLETIN published at

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426&dimid=1445121192&dicid=alr_aug07&jumpid=em_alerts/us/aug07/all/xbu/emailsubid/mrm/mcc/loc/rbu_category-HPSBUX02251SSRT071/alerts

it seems that the issue is addressed.
0 Kudos
Kenneth Penland
Frequent Advisor

‎08-06-2007 09:24 AM

‎08-06-2007 09:24 AM

Re: HP Supported BIND Version

sweet, thank you...that was a tough one to locate!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.