News from PANUG

News from PANUG - January 30, 2001

Table of Contents
 Bind Vulnerabilities
 DNS and Firewall Courses
 Novell and Yahoo
 PANUG/NUI Agreement

BIND VULNERABILITIES

Gregg Berkholtz, PANUG's President, writes that yesterday CERT
released advisories about Vulnerabilities in all versions of
BIND below 4.9.8 and 8.2.3. You can get detailed information
about these vulnerabilities at the following web sites:

http://www.pgp.com/research/covert/advisories/047.asp
http://www.isc.org/products/BIND/bind-security.html

The simple solution is to upgrade BIND to a later version.
If you're running Linux or xBSD, this is simple to do.
Most Linux distributions have a package that can be installed
in minutes. Even if you must install from source, it takes
only a few minutes longer.

If you're running commercial Unix, you can also upgrade BIND
but you may have more hoops to jump through or obstacles to
overcome. Your system may not have a compiler installed, or
your vendor threatens to no longer support you if you mess
with "system" software. Installing a Linux or xBSD box for
DNS is often the easiest and quickest solution.

If updating software when security holes are discovered is
something you don't have time for, you really shouldn't be
running vulnerable software. There are alternatives to BIND
that do not have a history of security holes.


DNS AND FIREWALL COURSES

PANUG is hosting one-day courses on DNS and firewalls in
February. The DNS course covers BIND as well as alternative
software such as that included in Windows 2000 and TinyDNS
for Linux. Visit the PANUG web site for details
(http://www.panug.org).


NOVELL AND YAHOO

Lloyd Betts, a PANUG member, writes that Yahoo News has a
story on Novell's future plans. This includes a GroupWise
version 6 and NetWare version 6. You can read the story at
the following URL which is broken into two lines here
because of its length.

http://dailynews.yahoo.com/h/zd/20010125/tc/
novell_making_moves_to_reverse_slide_1.html

Yahoo may be paying attention to Novell a bit more these days
because Novell's NDS eDirectory now powers Corporate Yahoo.
Visit Novell's web site for details (http://www.novell.com).


PANUG/NUI AGREEMENT

PANUG has always been affiliated with NUI - Novell's user
group support organization even though NUI has little impact
on PANUG's operations. Recently, PANUG has been asked
to sign an Affiliation Agreement that has terms that may
be considered unfavorable to PANUG and its members. The
PANUG Board faces not signing the agreement and dissolving
PANUG's 15 year relationship with NUI.

The Board would like your opinion and your feedback before it
makes this decision. You can read the Affiliation Agreement
at http://www.panug.org/articles/nui.htm