[Nevis-linux] Admin server upgrade 2PM 04-Aug-08

William Seligman seligman at nevis.columbia.edu
Tue Jul 29 12:12:22 EDT 2008


An serious security vulnerability has been found in the standard DNS servers 
implemented on many systems, including those at Nevis:

<http://www.kb.cert.org/vuls/id/800113>
<http://www.doxpara.com/>

The potential impact at Nevis is not great, since the Nevis DNS servers will 
only respond to requests from Nevis systems.  Still, it is possible for someone 
to bring an infected laptop to Nevis and potentially compromise DNS lookups at 
Nevis.

The only solution is to patch the DNS software.  However, the DNS servers at 
Nevis are using unsupported versions of Fedora Linux, and therefore cannot be 
patched directly.

Therefore, I'm going to upgrade the two affected machine.  One of them is 
hypatia.nevis.columbia.edu.  I will upgrade that system on Monday, Aug 4, 
starting at about 2PM.  This is the central administrative server at Nevis, but 
I have upgraded it before with no impact on the Nevis services.

The second server is franklin.nevis.columbia.edu, the mail server.  Assuming 
that there are no problems with the hypatia upgrade, I will upgrade franklin the 
following week.

Since a mail server outage is a significant interruption, I will make a wider 
announcement once I understand how long an upgrade to Fedora 9 will take.

-- 
Bill Seligman             | Phone: (914) 591-2823
Nevis Labs, Columbia Univ | mailto://seligman@nevis.columbia.edu
PO Box 137                | http://www.nevis.columbia.edu/~seligman/
Irvington NY 10533 USA    | XDI: http://public.xdi.org/=william.seligman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3277 bytes
Desc: S/MIME Cryptographic Signature
Url : http://listserv.nevis.columbia.edu/pipermail/nevis-linux/attachments/20080729/29e69051/attachment.bin 


More information about the Nevis-linux mailing list