Dear Customer, Escalations Supplement erg712479b, the UnixWare BIND Package, addresses the following problems Problem Fixed ------------- SECURITY: Cache poisoning in BIND Contents -------- /usr/sbin/addr /usr/sbin/dig /usr/sbin/dnskeygen /usr/sbin/dnsquery /usr/sbin/host /usr/sbin/in.named /usr/sbin/irpd /usr/sbin/mkservdb /usr/sbin/named-bootconf /usr/sbin/named-bootconf.pl /usr/sbin/named-xfer /usr/sbin/ndc /usr/sbin/nslookup /usr/sbin/nsupdate Warning ------- This is a fix package produced by The SCO Group, Inc. Escalations and is not intended for general distribution. It has been produced to address a particular problem and has not been tested in all system configurations. Software Notes and Recommendations ---------------------------------- erg712479b should only be installed on: UnixWare 7.1.1 If your system is running any libraries or commands that are contained in this SLS, then these programs will continue to run with the old versions of these libraries or commands until the the system is rebooted. Note that when all necessary patches have been installed, it is good practice to reboot the system at the earliest opportunity. This will ensure that no programs continue to run with the old libraries or commands. Installation Instructions ------------------------- 1. Download the erg712479b.Z file to the /tmp directory on your machine. 2. As root, uncompress the file and add the package to your system using these commands: $ su Password: # uncompress /tmp/erg712479b.Z # pkgadd -d /tmp/erg712479b # rm /tmp/erg712479b Alternatively, this SLS package may be installed in quiet mode, that is, without displaying the release notes and asking for confirmation. To do this, use these commands: $ su Password: # uncompress /tmp/erg712479b.Z # pkgadd -qd /tmp/erg712479b all # rm /tmp/erg712479b 3. There is no need to reboot the system after installing this package. Removal Instructions -------------------- 1. As root, remove the package using these commands: $ su Password: # pkgrm erg712479 2. There is no need to reboot the system after removing this package. If you have questions regarding this supplement, or the product on which it is installed, please contact your software supplier.