[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Web server OS
I don't see it that way. Have a look at this excerpt from a recent
Gentoo advisory involving PowerDNS:
A remote attacker could send specially crafted queries to cause a
Denial of Service. The second vulnerability in itself does not pose a
security risk to PowerDNS Nameserver. However, not answering a query
for an invalid DNS record within a valid domain allows for a larger
spoofing window on third-party nameservers for domains being hosted by
PowerDNS Nameserver itself.
There is no known workaround at this time.
All PowerDNS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/pdns-188.8.131.52"
I don't think this is all that much different from what other distros'
users face as a part of routine administration. If UbuHatCentDora have
a Big Red Button for "Apply All Security Upgrades To Eveything Now,"
Gentoo does not really have that per se - but there is a Bigger Red
Button that says "Make Everything Current Now" (emerge -uD world). Just
make sure you check your circuit breakers before you hit it because
you're about to have a very busy box. :)
Pat Regan wrote:
> Jeff Hubbs wrote:
>> In Gentoo-land, each package is pretty much managed as an independent
>> unit and as such there aren't generally times where you're "forced" to
>> upgrade because updates to a distro version stop. No distro version, no
>> version-keyed updates.
> Yes, that is exactly the "feature" that is a huge flaw for me :).
> I can see a lot of situations where it would be a feature. I just see
> it as creating more work when you want to maintain a stable environment
> without security problems.