# cd /usr/src

# patch < /patch/to/patch

# cd /usr/src/lib/libbind

# make depend && make && make install

# cd /usr/src/lib/libisc

# make depend && make && make install

# cd /usr/src/usr.sbin/named

# make depend && make && make install

# cd /usr/src/libexec/named-xfer

# make depend && make && make install

Openwall Project web site (www.openwall.com) notes that BIND 4.9.10-OW2 includes the patch provided by ISC and is likely to become 4.9.11-OW1 once BIND 4.9.11 is officially released.

Alan Olsen from Wirex send a post to immunix-users mailing list that he built new Bind 9 RPM's but they are not tested and should be used at your own risk:

"They are built off of the latest patched Redhat RPMs, so they should work. But be warned that if they cause your cat to go bald, paint to peel off your house or you mother-in-law to move in with you, well...


http://download.immunix.org/ImmunixOS/7+-beta/contrib/

bind-9.2.1-0.70.2_imnx_1.i386.rpm 13-Nov-2002 14:48 1.7M

bind-9.2.1-0.70.2_imnx_1.src.rpm 13-Nov-2002 14:44 3.8M

bind-devel-9.2.1-0.70.2_imnx_1.i386.rpm 13-Nov-2002 14:48 860k

bind-utils-9.2.1-0.70.2_imnx_1.i386.rpm 13-Nov-2002 14:48 601k

They are not gpg signed at the moment. They probably should be. They are not official, so I have not signed them... That may change, depending on the feedback I get."

Olaf Kirch from SuSE Linux team noted on BugTraq that "...I believe ISC have been sitting on this for almost a month. The CVE IDs were assigned October 16, and I have reason to believe that they learned of this no later than October 23." Read his opinion over at Neohapsis archives.