One of my customers did a vulnerability test on my server and he’s sent me a report containing several BIND issues, like:
- “Obsolete ISC BIND installation: ISC BIND Versions 9.4-ESV-R5 or earlier are considered obsolete and will not receive any update from the supplier, even the most critical.”
My box is a Centos 5.7, the reported BIND version is BIND version 9.3.6, under chroot /var/named/chroot
I’ve updated every single package that was available last week, and on the System Information Page I don’t have any package available to update. So I’m pretty sure my system is up to date.
So, is it possible that BIND is not up to date? Or is it not showing the correct version? Either way, how do I show to my customer that the system is up to date?