Hello,
A high severity flaw was posted on 24 April:
https://kb.isc.org/docs/cve-2018-5743
The last update seems really old:
rpm -q --changelog bind | less
* ven. nov. 23 2018 Petr Menšík <pemensik@redhat.com> - 32:9.9.4-73
- Fixes debug level comments (#1647539)
Doesn't the BIND package have backported security fixes?
Thanks for the help!
Best regards.
Vulnerability BIND CVE-2018-5743
Re: Vulnerability BIND CVE-2018-5743
If you're looking for a fix for CVE-2018-15473 then you'd do better looking at the openssh package since that is an openssh vulnerability not one in bind.
That's a low severity username exposure and is already fixed in the copy of openssh for CentOS 6. The update for 7 is not yet available and I suspect that it will be part of 7.7 if/when that arrives in due course (there's not even a RHEL 7.7 beta as yet).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Vulnerability BIND CVE-2018-5743
Meanwhile, once you remove the typos from the CVE id, you need to look at https://access.redhat.com/security/cve/cve-2018-5743 and its linked bugzilla entry. Now also corrected in the thread subject (previously was CVE-2018-15473).
Re: Vulnerability BIND CVE-2018-5743
Sorry for the subject error...
The subject is for BIND.
I'm a beginner at bug tracking. I read the Bugzilla entry and I see patches for higher versions but not for the current package 9.9.4 (CentOS 7.6).
Do you think we will have an update?
Sorry again but I do not know the process of package updates...
Re: Vulnerability BIND CVE-2018-5743
https://access.redhat.com/security/cve/cve-2018-5743 will change once there is a fix. At present there is a table in there with RHEL7 and 6 and 5 listed and 6+7 both say "Affected" and the other two say "Will not fix" because those are out of support. When RH release a fix for RHEL that page will change and where it says "Affected" now will point to an entry on the Redhat errata page listing the fix.
Once Redhat release the fixed version for RHEL then and only then will CentOS pick up the newly released source package and rebuild it for CentOS.
You might be able to use iptables rate limiting in the meantime to bypass the problem.
Re: Vulnerability BIND CVE-2018-5743
Thank you very much for your comprehensive explanations and advice.
Have a nice day!