


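A BIND vulnerability (CVE-2015-5477) was announced on 2015/07/31.
Countermeasures for the vulnerability in the DNS server BIND (CVE-2015-5477)
http://www.ipa.go.jp/security/ciadr/vul/20150731-bind.html
Overview
The DNS server BIND contains a vulnerability that allows a remote attack to make it terminate abnormally, resulting in a denial-of-service (DoS) condition. Because there are reports that attacks exploiting this vulnerability have been observed in Japan, DNS server administrators should apply the update immediately.
I updated bind on the office server.
・CentOS release 5.11 (Final)
・Kernel: 2.6.18-406.el5.centos.plusPAE
・BIND 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.2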
[root@host01 ~]# yum update bind
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: ftp.iij.ad.jp
 * base: ftp.iij.ad.jp
 * centosplus: ftp.iij.ad.jp
 * epel: ftp.kddilabs.jp
 * extras: ftp.iij.ad.jp
 * remi: remi.kazukioishi.net
 * updates: ftp.iij.ad.jp
Setting up Update Process
Resolving Dependencies
--> Running transaction check
--> Processing Dependency: bind = 30:9.3.6-25.P1.el5_11.2 for package: bind-chroot
---> Package bind.i386 30:9.3.6-25.P1.el5_11.3 set to be updated
--> Processing Dependency: bind-libs = 30:9.3.6-25.P1.el5_11.3 for package: bind
--> Running transaction check
---> Package bind-chroot.i386 30:9.3.6-25.P1.el5_11.3 set to be updated
--> Processing Dependency: bind-libs = 30:9.3.6-25.P1.el5_11.2 for package: bind-utils
---> Package bind-libs.i386 30:9.3.6-25.P1.el5_11.3 set to be updated
--> Running transaction check
---> Package bind-utils.i386 30:9.3.6-25.P1.el5_11.3 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch     Version                      Repository       Size
================================================================================
Updating:
 bind             i386     30:9.3.6-25.P1.el5_11.3      updates         982 k
Updating for dependencies:
 bind-chroot      i386     30:9.3.6-25.P1.el5_11.3      updates          48 k
 bind-libs        i386     30:9.3.6-25.P1.el5_11.3      updates         866 k
 bind-utils       i386     30:9.3.6-25.P1.el5_11.3      updates         174 k

Transaction Summary
================================================================================
Install       0 Package(s)
Upgrade       4 Package(s)

Total download size: 2.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/4): bind-chroot-9.3.6-25.P1.el5_11.3.i386.rpm         |  48 kB     00:00
(2/4): bind-utils-9.3.6-25.P1.el5_11.3.i386.rpm          | 174 kB     00:00
(3/4): bind-libs-9.3.6-25.P1.el5_11.3.i386.rpm           | 866 kB     00:00
(4/4): bind-9.3.6-25.P1.el5_11.3.i386.rpm                | 982 kB     00:00
--------------------------------------------------------------------------------
Total                                           3.7 MB/s | 2.0 MB     00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : bind-libs                                                1/8
  Updating       : bind                                                     2/8
  Updating       : bind-chroot                                              3/8
  Updating       : bind-utils                                               4/8
  Cleanup        : bind-chroot                                              5/8
  Cleanup        : bind-libs                                                6/8
  Cleanup        : bind                                                     7/8
  Cleanup        : bind-utils                                               8/8

Updated:
  bind.i386 30:9.3.6-25.P1.el5_11.3

Dependency Updated:
  bind-chroot.i386 30:9.3.6-25.P1.el5_11.3
  bind-libs.i386 30:9.3.6-25.P1.el5_11.3
  bind-utils.i386 30:9.3.6-25.P1.el5_11.3

Complete!
Restart, just to be safe
[root@host01 ~]# /etc/init.d/named restart
named を停止中: .                                          [  OK  ]
named を起動中:                                            [  OK  ]
Verification
[root@host01 ~]# less /var/log/messages
Aug  6 13:29:44 host01 named[23412]: starting BIND 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.3 -u named -t /var/named/chroot
[root@host01 ~]# named -v
BIND 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.3
[root@host01 ~]# rpm -q --changelog bind | head
* 火 7月 28 2015 Florian Weimer <fweimer@redhat.com> - 30:9.3.6-25.P1.3
- Fix CVE-2015-5477

* 木 12月 11 2014 Tomas Hozza <thozza@redhat.com> 30:9.3.6-25.P1.2
- Remove files backup after patching (Related: #1171971)

* 木 12月 11 2014 Tomas Hozza <thozza@redhat.com> 30:9.3.6-25.P1.1
- Fix CVE-2014-8500 (#1171971)

* 火 12月 11 2012 Adam Tkac <atkac redhat com> 30:9.3.6-25.P1
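
The three manual checks above (syslog start line, named -v, package changelog) can be combined into one scripted check. The following is an added example, not part of the original post: the function names and return codes are assumptions made for illustration, and the embedded sample data is constructed from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed:
# the second log line and the changelog entry follow the output shown in the
# post (date rendered in the C locale); the first log line is invented.
CVE="CVE-2015-5477"
PATCHED="9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.3"
SAMPLE_LOG='Aug  6 13:10:02 host01 named[1180]: starting BIND 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.2 -u named -t /var/named/chroot
Aug  6 13:29:44 host01 named[23412]: starting BIND 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.3 -u named -t /var/named/chroot'
SAMPLE_CHANGELOG='* Tue Jul 28 2015 Florian Weimer <fweimer@redhat.com> - 30:9.3.6-25.P1.3
- Fix CVE-2015-5477'

# Print the version from the last "starting BIND" syslog line read on stdin.
last_started_version() {
    awk '/named\[[0-9]+\]: starting BIND / {
             for (i = 1; i < NF; i++) if ($i == "BIND") v = $(i + 1)
         }
         END { if (v != "") print v }'
}

# Succeed if the changelog on stdin has an entry fixing CVE id $1.
changelog_has_fix() {
    grep -Eq "^- .*Fix $1([^0-9]|\$)"
}

# check_patched LOG_TEXT CHANGELOG_TEXT ONDISK_VERSION
#   0 = fix is packaged and the last-started named is the on-disk build
#   1 = package changelog lacks the fix
#   2 = last-started named differs from the on-disk build (restart needed,
#       or the start line has been rotated out of the log)
check_patched() {
    printf '%s\n' "$2" | changelog_has_fix "$CVE" || return 1
    [ "$(printf '%s\n' "$1" | last_started_version)" = "$3" ] || return 2
}

# On a live host (as root):
#   check_patched "$(grep 'named\[' /var/log/messages)" \
#       "$(rpm -q --changelog bind)" "$(named -v | awk '{print $2}')"
check_patched "$SAMPLE_LOG" "$SAMPLE_CHANGELOG" "$PATCHED"
echo "sample data: check_patched returned $?"
```

named -v reports the binary on disk, while the syslog line reports the build that was actually started, so comparing the two shows whether the patched binary is the one that was last started.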