BIND vulnerability on Centos 6
Posted: Wed Aug 05, 2015 6:36 am
I'm hesitant to post this, but just in case it helps someone:
The latest Bind vulnerability is quite annoying as it allows an attacker to remotely crash it.
For reasons that don't make much sense to me, there is currently no fixed version in the normal Centos 6 repos (this only applies to Centos 6 - not 5 or 7).
An easy way to obtain a fixed packages for Centos 6 is via the Centos 6 CR repo.
( http://wiki.centos.org/AdditionalResour ... itories/CR )
# yum install centos-release-cr
# yum upgrade bind
# service named restart
( then disable the repo by editing /etc/yum.repos.d/CentOS-CR.repo to change enabled to 0 )
I know some people feel that you should always enable the CR repo, but I don't feel the same way:
"The continuous release (CR) repository makes generally available packages that will appear in the next point release of CentOS, on a testing and hotfix basis until formally released"
The latest Bind vulnerability is quite annoying as it allows an attacker to remotely crash it.
For reasons that don't make much sense to me, there is currently no fixed version in the normal Centos 6 repos (this only applies to Centos 6 - not 5 or 7).
An easy way to obtain a fixed packages for Centos 6 is via the Centos 6 CR repo.
( http://wiki.centos.org/AdditionalResour ... itories/CR )
# yum install centos-release-cr
# yum upgrade bind
# service named restart
( then disable the repo by editing /etc/yum.repos.d/CentOS-CR.repo to change enabled to 0 )
I know some people feel that you should always enable the CR repo, but I don't feel the same way:
"The continuous release (CR) repository makes generally available packages that will appear in the next point release of CentOS, on a testing and hotfix basis until formally released"