[BlueOnyx:18117] Re: BIND security update
Michael Stauber
mstauber at blueonyx.it
Wed Jul 29 13:08:45 -05 2015
Hi Matt,
> We recently heard about security updates to address a vulnerability in BIND: https://kb.isc.org/article/AA-01272
>
> Do we know what versions (if any) of BlueOnyx might be susceptible?
>From the version numbers listed at https://kb.isc.org/article/AA-01272 I
would assume that Bind on all BlueOnyx versions would be affected.
I can see that the Bind on 5209R already seems to be fixed:
#> rpm -q --changelog bind |more
* Mo Jul 27 2015 Florian Weimer <fweimer at redhat.com> - 32:9.9.4-18.3
- Fix CVE-2015-5477
I checked the changlog of the BIND RPMs on CentOS6/SL6 and CentOS5 and
couldn't find such a reference to a fix for CVE-2015-5477.
So I checked at RedHat:
https://access.redhat.com/security/cve/CVE-2015-5477
It looks like they published updated BIND versions for EL5, EL6 and EL7.
But CentOS only managed to push out the CentOS7 version of it.
I'd assume the CentOS5 & 6 versions will be out pretty soon. If they
have nothing within the next 36 hours I'll grab the RedHat SRPMs and
will build updated BIND RPMs to distribute them via the BlueOnyx YUM
repository. Wouldn't be the first time.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list