2014/12/09に発表されたbindの脆弱性(CVE-2014-8500)の対応版がRedHatから12/12に提供されていましたのでアップデートを行いました
ISC BIND 9 サービス運用妨害の脆弱性 (CVE-2014-8500) に関する注意喚起
https://www.jpcert.or.jp/at/2014/at140050.html
ISC BIND 9 には、サービス運用妨害 (DoS) の原因となる脆弱性があります。
本脆弱性を使用された場合、遠隔からの攻撃によって named が異常終了する
可能性があります。
Important: bind security update
https://rhn.redhat.com/errata/RHSA-2014-1984.html
今回担当したサーバはサブスクリプション登録されていましたので、すんなり作業完了です
OSはRed Hat Enterprise Linux Server release 6.2 (Santiago)です
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
[root@host01 ~]# yum update bind Loaded plugins: aliases, changelog, downloadonly, kabi, presto, product-id, : refresh-packagekit, rhnplugin, security, subscription-manager, : tmprepo, verify, versionlock Updating certificate-based repositories. Loading support for Red Hat kernel ABI Setting up Update Process Resolving Dependencies --> Running transaction check ---> Package bind.x86_64 32:9.8.2-0.30.rc1.el6 will be updated --> Processing Dependency: bind = 32:9.8.2-0.30.rc1.el6 for package: 32:bind-chroot-9.8.2-0.30.rc1.el6.x86_64 ---> Package bind.x86_64 32:9.8.2-0.30.rc1.el6_6.1 will be an update --> Processing Dependency: bind-libs = 32:9.8.2-0.30.rc1.el6_6.1 for package: 32:bind-9.8.2-0.30.rc1.el6_6.1.x86_64 --> Running transaction check ---> Package bind-chroot.x86_64 32:9.8.2-0.30.rc1.el6 will be updated ---> Package bind-chroot.x86_64 32:9.8.2-0.30.rc1.el6_6.1 will be an update ---> Package bind-libs.x86_64 32:9.8.2-0.30.rc1.el6 will be updated --> Processing Dependency: bind-libs = 32:9.8.2-0.30.rc1.el6 for package: 32:bind-utils-9.8.2-0.30.rc1.el6.x86_64 ---> Package bind-libs.x86_64 32:9.8.2-0.30.rc1.el6_6.1 will be an update --> Running transaction check ---> Package bind-utils.x86_64 32:9.8.2-0.30.rc1.el6 will be updated ---> Package bind-utils.x86_64 32:9.8.2-0.30.rc1.el6_6.1 will be an update --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Updating: bind x86_64 32:9.8.2-0.30.rc1.el6_6.1 rhel-x86_64-server-6 4.1 M Updating for dependencies: bind-chroot x86_64 32:9.8.2-0.30.rc1.el6_6.1 rhel-x86_64-server-6 73 k bind-libs x86_64 32:9.8.2-0.30.rc1.el6_6.1 rhel-x86_64-server-6 884 k bind-utils x86_64 32:9.8.2-0.30.rc1.el6_6.1 rhel-x86_64-server-6 185 k Transaction Summary ================================================================================ Upgrade 4 Package(s) Total download size: 5.2 M Is this ok [y/N]: y Downloading Packages: Setting up and reading Presto delta metadata Processing delta metadata Package(s) data still to download: 5.2 M (1/4): bind-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm | 4.1 MB 00:02 (2/4): bind-chroot-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm | 73 kB 00:00 (3/4): bind-libs-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm | 884 kB 00:00 (4/4): bind-utils-9.8.2-0.30.rc1.el6_6.1.x86_64.rpm | 185 kB 00:00 -------------------------------------------------------------------------------- Total 1.1 MB/s | 5.2 MB 00:04 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Warning: RPMDB altered outside of yum. ** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows: kernel-firmware-2.6.32-220.7.1.el6.noarch is a duplicate with kernel-firmware-2.6.32-220.el6.noarch Updating : 32:bind-libs-9.8.2-0.30.rc1.el6_6.1.x86_64 1/8 Updating : 32:bind-9.8.2-0.30.rc1.el6_6.1.x86_64 2/8 Updating : 32:bind-chroot-9.8.2-0.30.rc1.el6_6.1.x86_64 3/8 Updating : 32:bind-utils-9.8.2-0.30.rc1.el6_6.1.x86_64 4/8 Cleanup : 32:bind-chroot-9.8.2-0.30.rc1.el6.x86_64 5/8 Cleanup : 32:bind-9.8.2-0.30.rc1.el6.x86_64 6/8 Cleanup : 32:bind-utils-9.8.2-0.30.rc1.el6.x86_64 7/8 Cleanup : 32:bind-libs-9.8.2-0.30.rc1.el6.x86_64 8/8 Installed products updated. Updated: bind.x86_64 32:9.8.2-0.30.rc1.el6_6.1 Dependency Updated: bind-chroot.x86_64 32:9.8.2-0.30.rc1.el6_6.1 bind-libs.x86_64 32:9.8.2-0.30.rc1.el6_6.1 bind-utils.x86_64 32:9.8.2-0.30.rc1.el6_6.1 Complete! |
1 2 3 4 5 6 7 8 9 10 11 |
[root@host01 ~]# rpm -q --changelog bind-9.8.2-0.30.rc1.el6_6.1.x86_64 | head * Tue Dec 09 2014 Tomas Hozza <thozza@redhat.com> 32:9.8.2-0.30.rc1.1 - Fix CVE-2014-8500 (#1171973) * Mon Jun 09 2014 Tomas Hozza <thozza@redhat.com> 32:9.8.2-0.30.rc1 - Use /dev/urandom when generating rndc.key file (#951255) * Mon May 19 2014 Tomas Hozza <thozza@redhat.com> 32:9.8.2-0.29.rc1 - Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035 * Mon May 19 2014 Tomas Hozza <thozza@redhat.com> 32:9.8.2-0.28.rc1 |