Which is better?
1 - IBM issues one new version of DNS Bind at the launch of an operating
system version and then just patches that with PTF's?
2 - IBM comes out with new versions of DNS Bind as they become available?
Here's the issue. There are numerous CVE's concerning serving up DNS
Bind. Each new level of DNS Bind must include repairs for certain CVE's.
We have IBM run security scanning on us and they keep dinging us because
our DNS Bind is so out of date. The team from IBM i says we realize that
the Bind level is obsolete, however if you not only scan for the bind
level but also scan for what PTF's are loaded, what version of the OS is
loaded and scan elsewhere on the internet to discover what PTF's address
what CVE(s) then you'll see we have those concerns addressed.
The scanning team from IBM says something to the effect "interesting, but
we're not altering our tool to do all that crap, just upgrade the bind".
Would all this discussion on altering PASE make a difference, or would IBM
continue to follow their current business plan on DNS Bind?
Note: CVE are individual security concerns published on the internet. For
example the POODLE thing was a CVE (or set of CVEs) that all the myriad
vendors had to address their own ways.
I will say that IBM is becoming more open about this stuff. What used to
just say "Integrity concern" on a PTF cover letter will now say something
like addresses CVE such and such. The days of security by obscurity are
flying out the door.
As an Amazon Associate we earn from qualifying purchases.
This thread ...
Re: Running SQL Workbench console from PASE, (continued)
This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.