[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] BIND & ProFTPD

Subject: [cobalt-users] BIND & ProFTPD
From: Rene Hendrix <rhendrix@xxxxxxx>
Date: Thu Feb 8 13:09:37 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

G'Afternoon.

We here at Cobalt wanted to assure you that we are doing everything
possible to get .pkg's out the door for the recent BIND exploit as
well as the recent ProFTPD response to several security holes.

More information about the BIND exploit can be found at http://www.isc.org/
and information about the proftp vulnerabilities can be found at
http://www.securityfocus.com/archive/1/160902

Several of our customers have already been compromised by the BIND
exploit and we expect that many more are still vulnerable. Therefore,
we stongly encourage you to install the following.

Just to recap recent announcements:

BIND:
 pkg's for upgrading BIND are available on ftp://ftp.cobalt.com/ for
 the RaQ4 and RaQ3 

 Locations: 
 ftp://ftp.cobalt.com/pub/packages/raq3/eng/RaQ3-All-Security-4.0.1-9353.pkg
 ftp://ftp.cobalt.com/pub/packages/raq4/eng/RaQ4-All-Security-1.0.1-9353.pkg

 We reccomend that you log onto your server and restat named by hand
 to ensure that the upgrade takes effect. This can be done by logging
 into your server as root and running /usr/sbin/ndc restart

 If you wish to verify the version that is currently running, run
 /usr/sbin/ndc status

 Currently we only have RPMS available for all other products:

 For Qube3 and XTR:
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/i386/bind-8.2.3-C1.i386.rpm
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/i386/bind-utils-8.2.3-C1.i386.rpm
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/i386/bind-devel-8.2.3-C1.i386.rpm

 For RaQ2:
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/raq2/bind-8.2.3-C2.mips.rpm
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/raq2/bind-devel-8.2.3-C2.mips.rpm
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/raq2/bind-utils-8.2.3-C2.mips.rpm

 For Qube1, RaQ1, Qube2:
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/bind-4.9.8-C1.mips.rpm
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/bind-utils-4.9.8-C1.mips.rpm

 For the above RPMS we reccomend that you log onto your server and
 restat named by hand to ensure that the upgrade takes effect. This
 can be done by logging into your server as root and running
 /usr/sbin/ndc restart

 Again, if you wish to verify the version of named that is currently
 running, run /usr/sbin/ndc status

ProFTPD:

 RPMS are avaiable at ftp://ftp.cobaltnet.com for all products:
 i386: (Qube3, RaQ3, RaQ4, XTR, CacheRaQ4)
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/i386/proftpd-1.2.0rc3-C1.i386.rpm

 mips w/ PAM: (RaQ2)
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/proftpd-1.2.0rc3-C1.mips.rpm

 mips w/o PAM: (RaQ1, Qube2)
 ftp://ftp.cobaltnet.com/pub/experimental/RPMS/mips/proftpd-1.2.0rc3-C1-NOPAM.mips.rpm

As always, the RPMS are experimental and upsupported until the
official pkg is release and posted.

If you have any questions about these upgrades, please contact me
at rhendrix@xxxxxxx

Thanks

-Rene Hendrix

-- 
Rene Hendrix
Sun Microsystems
Server Appliance Business Unit
rhendrix@xxxxxxx

Follow-Ups:
- Re: [cobalt-users] BIND & ProFTPD
  - From: Mike Vanecek
- Re: [cobalt-users] BIND & ProFTPD
  - From: Mike Vanecek
- Re: [cobalt-users] BIND & ProFTPD
  - From: Boon Yeo

Prev by Date: [cobalt-users] (no subject)
Next by Date: [cobalt-users] problems with PHP4 installation
Previous by thread: Re: [cobalt-users] RAQ3 local users mail problem
Next by thread: Re: [cobalt-users] BIND & ProFTPD

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index