A fixed version for the BIND vulnerability CVE-2016-2776 has been released, so I updated.
RedHat Security CVE-2016-2776
https://access.redhat.com/security/cve/cve-2016-2776
<<< JPCERT/CC Alert 2016-09-28 >>>
Alert regarding a denial-of-service vulnerability in ISC BIND 9 (CVE-2016-2776)
https://www.jpcert.or.jp/at/2016/at160037.html
JVNVU#90255292
Denial-of-service (DoS) vulnerability in ISC BIND 9
http://jvn.jp/vu/JVNVU90255292/
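There is a problem in the code that builds the response packet for queries matching certain conditions: an exception occurs in buffer.c and named terminates abnormally.
It appears that a single query is enough to kill named.
All of the updates below were done with yum -y update bind.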
- Red Hat Enterprise Linux Server release 6.8
- CentOS release 5.11
- CentOS Linux release 7.2.1511
```
==================================================================================
 Package          Arch      Version                      Repository           Size
==================================================================================
Updating:
 bind             x86_64    32:9.8.2-0.47.rc1.el6_8.1    rhel-6-server-rpms   4.0 M
 bind-chroot      x86_64    32:9.8.2-0.47.rc1.el6_8.1    rhel-6-server-rpms    75 k
 bind-libs        x86_64    32:9.8.2-0.47.rc1.el6_8.1    rhel-6-server-rpms   889 k
 bind-utils       x86_64    32:9.8.2-0.47.rc1.el6_8.1    rhel-6-server-rpms   187 k

# rpm -q --changelog bind | head
* Fri Sep 23 2016 Tomas Hozza <thozza@redhat.com> - 32:9.8.2-0.47.rc1.1
- Fix CVE-2016-2776

* Wed Mar 09 2016 Tomas Hozza <thozza@redhat.com> - 32:9.8.2-0.47.rc1
- Fix CVE-2016-1285 and CVE-2016-1286

* Mon Jan 18 2016 Tomas Hozza <thozza@redhat.com> - 32:9.8.2-0.46.rc1
- Fix CVE-2015-8704

* Mon Jan 11 2016 Tomas Hozza <thozza@redhat.com> - 32:9.8.2-0.45.rc1
```
```
=========================================================================
 Package          Arch      Version                    Repository   Size
=========================================================================
Updating:
 bind             i386      30:9.3.6-25.P1.el5_11.9    updates      983 k
 bind-chroot      i386      30:9.3.6-25.P1.el5_11.9    updates       48 k
 bind-libs        i386      30:9.3.6-25.P1.el5_11.9    updates      867 k
 bind-utils       i386      30:9.3.6-25.P1.el5_11.9    updates      175 k

# rpm -q --changelog bind | head
* Sat Sep 24 2016 Tomas Hozza <thozza@redhat.com> - 30:9.3.6-25.P1.9
- Fix CVE-2016-2776

* Tue Mar 15 2016 Tomas Hozza <thozza@redhat.com> - 30:9.3.6-25.P1.8
- Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite

* Thu Mar 10 2016 Tomas Hozza <thozza@redhat.com> - 30:9.3.6-25.P1.7
- Fix CVE-2016-1285 and CVE-2016-1286

* Tue Jan 19 2016 Tomas Hozza <thozza@redhat.com> - 30:9.3.6-25.P1.6
```
```
======================================================================
 Package          Arch      Version                 Repository   Size
======================================================================
Updating:
 bind             x86_64    32:9.9.4-29.el7_2.4     updates      1.8 M
 bind-chroot      x86_64    32:9.9.4-29.el7_2.4     updates       83 k
 bind-libs        x86_64    32:9.9.4-29.el7_2.4     updates      1.0 M
 bind-utils       x86_64    32:9.9.4-29.el7_2.4     updates      200 k

# rpm -q --changelog bind | head
* Fri Sep 23 2016 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-29.4
- Fix CVE-2016-2776

* Tue Mar 08 2016 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-29.3
- Fix CVE-2016-1285 and CVE-2016-1286

* Mon Jan 18 2016 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-29.2
- Fix CVE-2015-8704

* Mon Dec 14 2015 Tomas Hozza <thozza@redhat.com> - 32:9.9.4-29.1
```
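The packages above keep the same upstream version (9.8.2, 9.3.6, 9.9.4) across fixes, so the changelog is where the fix is confirmed. The following is an added example, not part of the original post, that scripts that check: it reads `rpm -q --changelog` text and reports which entry carries a given CVE fix. The function names are hypothetical and the embedded sample is copied from the RHEL 6 output above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# cve_fix_release CVE-ID
# Reads `rpm -q --changelog <pkg>` text on stdin and prints the version-release
# from the header of the newest entry that mentions CVE-ID. Returns 1 if none
# does. The changelog belongs to the installed package, so a hit means the
# installed build carries that fix.
cve_fix_release() {
    awk -v cve="$1" '
        BEGIN {
            # Match the ID as a whole token so CVE-2016-277 does not hit CVE-2016-2776.
            pat = "(^|[^0-9A-Za-z-])" cve "([^0-9]|$)"
        }
        /^\* / { rel = $NF; next }      # entry header: last field is version-release
        $0 ~ pat { print rel; found = 1; exit }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: the first entries of the RHEL 6 changelog shown above.
sample_changelog() {
    cat <<'EOF'
* Fri Sep 23 2016 Tomas Hozza <thozza@redhat.com> - 32:9.8.2-0.47.rc1.1
- Fix CVE-2016-2776

* Wed Mar 09 2016 Tomas Hozza <thozza@redhat.com> - 32:9.8.2-0.47.rc1
- Fix CVE-2016-1285 and CVE-2016-1286

* Mon Jan 18 2016 Tomas Hozza <thozza@redhat.com> - 32:9.8.2-0.46.rc1
- Fix CVE-2015-8704
EOF
}

# Live use on a host:  rpm -q --changelog bind | cve_fix_release CVE-2016-2776
if rel=$(sample_changelog | cve_fix_release CVE-2016-2776); then
    echo "CVE-2016-2776 fixed in $rel"
else
    echo "CVE-2016-2776 fix not found in changelog"
fi
```

The non-zero exit status when the CVE is absent makes the function usable as a per-host check in a loop or a configuration-management task.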
I am truly grateful that even an old OS like CentOS 5 still receives fixes like this.
many thanks! CentOS