Hello Experts, When we can expect Security Update for Bind Vulnerability on Centos 6.8/7.2? ISC BIND Lightweight Resolver Protocol Req Processing Dos Vulnerability: CVE-2016-2775 -- With Thanks & Regards: Sidharth Sharma
Sidharth Sharma:> > When we can expect Security Update for Bind Vulnerability on Centos 6.8/7.2? > ISC BIND Lightweight Resolver Protocol Req Processing Dos Vulnerability:>CVE-2016-2775 See: https://access.redhat.com/security/cve/cve-2016-2775 James Pearson
On 2016-09-01 4:34 am, James Pearson wrote:> Sidharth Sharma: >> >> When we can expect Security Update for Bind Vulnerability on Centos >> 6.8/7.2? >> ISC BIND Lightweight Resolver Protocol Req Processing Dos >> Vulnerability: > >CVE-2016-2775 > > See: > > https://access.redhat.com/security/cve/cve-2016-2775Ouch! Affected Packages State Platform Package State Red Hat Enterprise Linux 5 bind97 Will not fix Red Hat Enterprise Linux 6 bind Will not fix Red Hat Enterprise Linux 5 bind Will not fix Red Hat Enterprise Linux 7 bind Will not fix -- Mike Burger http://www.bubbanfriends.org "It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
On Thu, Sep 01, 2016 at 08:34:08AM +0000, James Pearson wrote:> > Sidharth Sharma: > > > > When we can expect Security Update for Bind Vulnerability on Centos 6.8/7.2? > > ISC BIND Lightweight Resolver Protocol Req Processing Dos Vulnerability: > >CVE-2016-2775 > > See: > > https://access.redhat.com/security/cve/cve-2016-2775The important takeaway is that Red Hat has marked it as "Will Not Fix", and in the BZ, the statement is: "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. Note that this issue only affects BIND deployments that make use of the non-default lightweight resolver protocol for name resolution. " -- Jonathan Billings <billings at negate.org>