As soon as RHEL does. On 03/10/2016 02:13 PM, Leonardo Oliveira Ortiz wrote:> CentOS will provide an update to fix it? > > ________________________________________ > De: centos-bounces at centos.org [centos-bounces at centos.org] em nome de Alice Wonder [alice at domblogger.net] > Enviado: quinta-feira, 10 de mar?o de 2016 15:31 > Para: centos at centos.org > Assunto: Re: [CentOS] CVE-2016-1285 & CVE-2016-1286 > > On 03/10/2016 07:13 AM, Michael H wrote: >> On 10/03/16 14:47, Leonardo Oliveira Ortiz wrote: >>> Hello. >>> >>> I think Centos are affected, right? >>> >>> Some update from Centos? >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> https://lists.centos.org/mailman/listinfo/centos >>> >> >> Sure looks that way... >> >> https://access.redhat.com/security/cve/cve-2016-1285 >> https://access.redhat.com/security/cve/cve-2016-1286 >> >> > > I don't think NSD is impacted, which is what I use for authoritative > nameserver. There's an EPEL package. NSD is authoritative only, which is > why I use it. > > No clue about unbound. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
Looking at the redhat CVE it looks like *by default config* it is not vulnerable except from the localhost. On 03/10/2016 02:37 PM, Alice Wonder wrote:> As soon as RHEL does. > > On 03/10/2016 02:13 PM, Leonardo Oliveira Ortiz wrote: >> CentOS will provide an update to fix it? >> >> ________________________________________ >> De: centos-bounces at centos.org [centos-bounces at centos.org] em nome de >> Alice Wonder [alice at domblogger.net] >> Enviado: quinta-feira, 10 de mar?o de 2016 15:31 >> Para: centos at centos.org >> Assunto: Re: [CentOS] CVE-2016-1285 & CVE-2016-1286 >> >> On 03/10/2016 07:13 AM, Michael H wrote: >>> On 10/03/16 14:47, Leonardo Oliveira Ortiz wrote: >>>> Hello. >>>> >>>> I think Centos are affected, right? >>>> >>>> Some update from Centos? >>>> _______________________________________________ >>>> CentOS mailing list >>>> CentOS at centos.org >>>> https://lists.centos.org/mailman/listinfo/centos >>>> >>> >>> Sure looks that way... >>> >>> https://access.redhat.com/security/cve/cve-2016-1285 >>> https://access.redhat.com/security/cve/cve-2016-1286 >>> >>> >> >> I don't think NSD is impacted, which is what I use for authoritative >> nameserver. There's an EPEL package. NSD is authoritative only, which is >> why I use it. >> >> No clue about unbound. >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos
Leonardo Oliveira Ortiz
2016-Mar-11 10:23 UTC
[CentOS] RES: RES: CVE-2016-1285 & CVE-2016-1286
For CVE-2016-1285... I think it is still vulnerable to CVE-2016-1286 ... -----Mensagem original----- De: centos-bounces at centos.org [mailto:centos-bounces at centos.org] Em nome de Alice Wonder Enviada em: sexta-feira, 11 de mar?o de 2016 03:12 Para: centos at centos.org Assunto: Re: [CentOS] RES: CVE-2016-1285 & CVE-2016-1286 Looking at the redhat CVE it looks like *by default config* it is not vulnerable except from the localhost. On 03/10/2016 02:37 PM, Alice Wonder wrote:> As soon as RHEL does. > > On 03/10/2016 02:13 PM, Leonardo Oliveira Ortiz wrote: >> CentOS will provide an update to fix it? >> >> ________________________________________ >> De: centos-bounces at centos.org [centos-bounces at centos.org] em nome de >> Alice Wonder [alice at domblogger.net] >> Enviado: quinta-feira, 10 de mar?o de 2016 15:31 >> Para: centos at centos.org >> Assunto: Re: [CentOS] CVE-2016-1285 & CVE-2016-1286 >> >> On 03/10/2016 07:13 AM, Michael H wrote: >>> On 10/03/16 14:47, Leonardo Oliveira Ortiz wrote: >>>> Hello. >>>> >>>> I think Centos are affected, right? >>>> >>>> Some update from Centos? >>>> _______________________________________________ >>>> CentOS mailing list >>>> CentOS at centos.org >>>> https://lists.centos.org/mailman/listinfo/centos >>>> >>> >>> Sure looks that way... >>> >>> https://access.redhat.com/security/cve/cve-2016-1285 >>> https://access.redhat.com/security/cve/cve-2016-1286 >>> >>> >> >> I don't think NSD is impacted, which is what I use for authoritative >> nameserver. There's an EPEL package. NSD is authoritative only, which >> is why I use it. >> >> No clue about unbound. >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos_______________________________________________ CentOS mailing list CentOS at centos.org https://lists.centos.org/mailman/listinfo/centos