2014/12/09に発表されたbindの脆弱性(CVE-2014-8500)ですが、ISC BIND 9すべてのバージョンに影響があるんだ(^^;;
ISC BIND 9 サービス運用妨害の脆弱性 (CVE-2014-8500) に関する注意喚起
https://www.jpcert.or.jp/at/2014/at140050.html
ISC BIND 9 には、サービス運用妨害 (DoS) の原因となる脆弱性があります。
本脆弱性を使用された場合、遠隔からの攻撃によって named が異常終了する
可能性があります。
それなら弊社事務所のサーバも対象だから早々にアップデートしました
まだCentOS release 5.10 (Final)をメンテナンスしつつ、すでに5年使用しています
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
[root@host01 ~]# yum update bind Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: ftp.nara.wide.ad.jp * base: ftp.nara.wide.ad.jp * centosplus: ftp.nara.wide.ad.jp * epel: ftp.iij.ad.jp * extras: ftp.nara.wide.ad.jp * remi: remi.kazukioishi.net * updates: ftp.nara.wide.ad.jp Setting up Update Process Resolving Dependencies --> Running transaction check --> Processing Dependency: bind = 30:9.3.6-20.P1.el5_8.6 for package: bind-chroot ---> Package bind.i386 30:9.3.6-25.P1.el5_11.2 set to be updated --> Processing Dependency: bind-libs = 30:9.3.6-25.P1.el5_11.2 for package: bind --> Running transaction check ---> Package bind-chroot.i386 30:9.3.6-25.P1.el5_11.2 set to be updated --> Processing Dependency: bind-libs = 30:9.3.6-20.P1.el5_8.6 for package: bind-utils ---> Package bind-libs.i386 30:9.3.6-25.P1.el5_11.2 set to be updated --> Running transaction check ---> Package bind-utils.i386 30:9.3.6-25.P1.el5_11.2 set to be updated --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Updating: bind i386 30:9.3.6-25.P1.el5_11.2 updates 982 k Updating for dependencies: bind-chroot i386 30:9.3.6-25.P1.el5_11.2 updates 47 k bind-libs i386 30:9.3.6-25.P1.el5_11.2 updates 866 k bind-utils i386 30:9.3.6-25.P1.el5_11.2 updates 174 k Transaction Summary ================================================================================ Install 0 Package(s) Upgrade 4 Package(s) Total download size: 2.0 M Is this ok [y/N]: y Downloading Packages: (1/4): bind-chroot-9.3.6-25.P1.el5_11.2.i386.rpm | 47 kB 00:00 (2/4): bind-utils-9.3.6-25.P1.el5_11.2.i386.rpm | 174 kB 00:00 (3/4): bind-libs-9.3.6-25.P1.el5_11.2.i386.rpm | 866 kB 00:00 (4/4): bind-9.3.6-25.P1.el5_11.2.i386.rpm | 982 kB 00:00 -------------------------------------------------------------------------------- Total 1.5 MB/s | 2.0 MB 00:01 Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Updating : bind-libs 1/8 Updating : bind 2/8 Updating : bind-chroot 3/8 Updating : bind-utils 4/8 Cleanup : bind-libs 5/8 Cleanup : bind 6/8 Cleanup : bind-chroot 7/8 Cleanup : bind-utils 8/8 Updated: bind.i386 30:9.3.6-25.P1.el5_11.2 Dependency Updated: bind-chroot.i386 30:9.3.6-25.P1.el5_11.2 bind-libs.i386 30:9.3.6-25.P1.el5_11.2 bind-utils.i386 30:9.3.6-25.P1.el5_11.2 Complete! |
1 2 3 4 5 6 7 8 9 10 11 |
[root@host01 ~]# rpm -q --changelog bind-9.3.6-25.P1.el5_11.2 | head * 木 12月 11 2014 Tomas Hozza <thozza@redhat.com> 30:9.3.6-25.P1.2 - Remove files backup after patching (Related: #1171971) * 木 12月 11 2014 Tomas Hozza <thozza@redhat.com> 30:9.3.6-25.P1.1 - Fix CVE-2014-8500 (#1171971) * 火 12月 11 2012 Adam Tkac <atkac redhat com> 30:9.3.6-25.P1 - fix race condition in socket module * 木 10月 11 2012 Adam Tkac <atkac redhat com> 30:9.3.6-24.P1 |
もう、記事にする程のことでもないですね(^^