Serious DNS vulnerabilities – update for bind available

In light of yesterday’s large coordinated release of DNS-related updates to various products, I would like to point you to the updated bind packages in the Portage tree.

  • net-dns/bind-9.4.2_p1 is currently being marked stable on all supported architectures
  • net-dns/bind-9.5.0_p1 has been committed with unstable keywords

Nameservers should be updated quite soon, since this issue should be considered serious.

A GLSA will be published after all security architectures have marked the affected package stable. The progress can be followed in bug #231201.

For more information have a look at the following links and the references therein:

Also note that if you restrict the outgoing ports your nameserver may use, for example with a firewall, this policy should be revisited.
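The same kind of restriction can also sit in named.conf itself, where a query-source statement with a fixed port sends every outgoing query from one source port. The following check for that setting is an added example, not part of the original post or of bind; the function names and the sample configuration are constructed for illustration, and it assumes the restriction is written as a query-source or query-source-v6 statement.

```python
import re

# Constructed sample named.conf (not taken from the original post).
SAMPLE_NAMED_CONF = """\
options {
    directory "/var/bind";
    // query-source address * port 1053;   (commented out, must be ignored)
    query-source address * port 53;        # pinned: all queries leave from port 53
    query-source-v6 address * port *;      /* wildcard port, not pinned */
    listen-on port 53 { 127.0.0.1; };      # listening port, unrelated to outgoing queries
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments but keep line breaks so line numbers stay valid.

    Simplification: comment markers inside quoted strings are not handled.
    """
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                  text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

# A query-source statement runs up to its terminating semicolon.
_STMT = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);")
# Only a numeric port counts as pinned; "port *" leaves the choice to named.
_PORT = re.compile(r"\bport\s+(\d+)")

def pinned_query_ports(conf_text):
    """Return (line, statement, port) for every query-source with a fixed port."""
    clean = strip_comments(conf_text)
    findings = []
    for m in _STMT.finditer(clean):
        port = _PORT.search(m.group(2))
        if port:
            line = clean.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1), int(port.group(1))))
    return findings

if __name__ == "__main__":
    for line, stmt, port in pinned_query_ports(SAMPLE_NAMED_CONF):
        print(f"line {line}: {stmt} pins outgoing queries to port {port}")
```

Files pulled in through include statements have to be checked separately, since the function only sees the text it is given.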

Update 2008-07-11:
GLSA 200807-08 has just been released to address this issue.

Ma(r)x Planck!?

Yesterday was the 150th birthday of Max Planck, probably one of the most famous physicists. But was his name really Max, or was it actually Marx, as Spiegel Online reports? According to an old church book, it appears to be Marx, which is said to be common for the Latin name Marcus. Let’s wait and see what more experts say… and the Max Planck Society, which reportedly only heard about it through a phone call from Spiegel.

Personally I don’t consider this such a big issue, but a funny story 😉

UPDATE:
Searching the web for “marx planck” or even “marx-planck-institute” actually gives quite a few results from non-German sites/publications mentioning Max Planck institutes. That makes me actually wonder how new this ‘discovery’ even is or if it is just some kind of a typo or something on those sites.

UPDATE II:
The director of the archive of the Max Planck Society comments on the name question in a press release. Really no big issue here.

etckeeper – keeping /etc in a git repository

When having a look at git yesterday, I stumbled upon etckeeper, a tool that keeps /etc in a git (or mercurial) repository and also stores the metadata (file permissions, …) in the repo by making use of metastore.

It hooks into apt, but I used /etc/portage/bashrc to call it before and after installing a package:

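# /etc/portage/bashrc: run etckeeper around each package merge
case "$EBUILD_PHASE" in
    preinst)
        # snapshot /etc before the package's files are merged
        elog "Running etckeeper pre-install…"
        /usr/bin/etckeeper pre-install
        ;;
    postinst)
        # commit whatever the merge changed in /etc
        elog "Running etckeeper post-install…"
        /usr/bin/etckeeper post-install
        ;;
esac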

One could also modify /etc/etckeeper/post-install.d/50vcs-commit to include the package name etc. in the commit message while emerging:

— a/post-install.d/50vcs-commit
+++ b/post-install.d/50vcs-commit
@@ -2,5 +2,12 @@
set -e

if etckeeper unclean; then
– etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run”
+ case $LOWLEVEL_PACKAGE_MANAGER in
+ portage)
+ etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run ($CATEGORY/$P)”
+ ;;
+ *)
+ etckeeper commit “committing changes after $HIGHLEVEL_PACKAGE_MANAGER run”
+ ;;
+ esac
fi
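
Review bot: in the portage branch, $CATEGORY/$P is expanded without checking that either variable is set. Both come from the ebuild environment, so when etckeeper post-install runs with LOWLEVEL_PACKAGE_MANAGER set to portage but outside an emerge phase, the commit message ends in "(/)". Append the suffix only when both are non-empty and fall back to the generic message otherwise, which also lets the two branches share one etckeeper commit call. Using $PF instead of $P would keep the ebuild revision (-r1) in the log.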

There are probably other/better ways to accomplish this and more…

Anyways… etckeeper looks like a nice and very flexible tool to keep /etc in a repository if one wants to.