On 10/16/2016 10:28 PM, マスターズ イアン wrote:
I'd like to know if the present version of Bind in CentOS 6
(bind-9.8.2-0.47.rc1.el6_8.1.x86_64) is vulerable to CVE-2016-2776.
According tohttps://www.isc.org/downloads/, version 9.8.x is End-of-Life (EOL)
as of Sep 2014.
Red Hat continues to maintain their own fork of 9.8 for EL6, and this
RHSA https://rhn.redhat.com/errata/RHSA-2016-1944.html says that version
of bind you mention does indeed include the fix to that CVE. CentOS is
built from the same SRPM's.
john r pierce, recycling bits in santa cruz
CentOS mailing list