I quote directly from the BIND homepage (the URL above): <P> "If you are running a version of BIND prior to 8.2.2 patchlevel 3, we recommend you upgrade to the current version for security reasons. If you are running BIND 8.2.2-P3, and compiled it yourself, we recommend you upgrade to 8.2.2-P5 to correct a named-xfer problem. <B>If your vendor-provided BIND is 8.2.2-P3, you should consult their documentation and confirm that the named-xfer bug has been patched.</B>"<BR> (emphasis mine) <P> As the most recent packages for Red Hat 6.1 (and possibly older releases too) are 8.2.2-P3, I question if this has been fixed. <P> Another quote from http://www.sans.org/topten.htm discussing various security vulnerabilities in bind: "As of May 22, 2000, any version earlier than BIND v.8.2.2 patch level 5 is vulnerable." <P> Maybe time for new bind packages for older versions of Red Hat?
They got the wrong release number - 8.2.2p3 is not affected. Actually the P3 package we're shipping has almost all patches that made it into p5.
Closing old resolved bugs.