Page 1 of 2

bind

Posted: 2020/12/02 14:26:51
by good_face
I use bind version is 9.11.4-26.P2.el7.x86_64
Do we need to update the new bind version? Which version do we need to switch to. and how do we know that this is really necessary? There are updates from time to time, you think every update should be done, how we should organize it. How should we decide what to update?
How can I decide if it's really necessary? What are the vulnerability and we really have to do the premise right now?

Re: bind

Posted: 2020/12/02 15:27:00
by jlehtone
Update all.

The current versions (for CentOS 7) seem to be:

Code: Select all

kernel   3.10.0-1160.6.1.el7
bind     32:9.11.4-26.P2.el7_9.2
The latest version is the supported version.
Anything earlier should be assumed to have more bugs and vulnerabilities than the latest released version.

Re: bind

Posted: 2020/12/02 15:33:33
by TrevorH
you think every update should be done
Yes. Or at the least you should check it to see what it fixes and put it on if it's security related. Most updates for CentOS between point releases are for security though.

Re: bind

Posted: 2020/12/02 16:04:35
by good_face
The link below is said to be a security vulnerability. Do I need to fix this right away? Is this something important? Which version should I switch to for this and how can I find a document that tells me that the binding version or OS update process for this vulnerability has been fixed ? Is it really something that needs to be updated. Also, is there a bind version update with yum update or I will do a different process for it.

Re: bind

Posted: 2020/12/02 16:25:20
by TrevorH
The most recent version is always available by running yum update.

Please see https://access.redhat.com/security/updates/backporting for information about how Red Hat goes about deciding which versions are shipped and bear that in mind when looking for an updated version. The "latest" version number is unlikely to be the correct solution for RHEL/CentOS based systems.

Re: bind

Posted: 2020/12/02 20:09:24
by good_face
I have read and understood your priceless information. I want to ask you something I was curious about and researched but could not find. How can I find which OS version the bind version I want to install is compatible with? For example, I need to upgrade to the new version for the error in the bind version I am using, but if the OS does not recommend it, or which OS version should I use to support this update, how can I find the information here. As you know, system security scans are performed with some tools, but it is difficult to find the actions to be taken on the system and OS side. I also want to know, is there something to be done in the system for this vulnerability or is it unnecessary? I wonder which centos version the following vulnerabilities are fixed and the method of finding. if not, just a bind update won't make any sense.




thanks

Re: bind

Posted: 2020/12/03 02:49:18
by TrevorH
You only install things using yum.

The article I pointed you to shows you how to check for CVE numbers in the rpm changelog to see if things are fixed. You can also check the status of CVE numbers using https://access.redhat.com/security/cve/ - for example https://access.redhat.com/security/cve/CVE-2014-0224

Re: bind

Posted: 2020/12/03 10:29:10
by good_face
i use centos 7.8 (2003 ) and I could not find anything about cve-2020-8616 on the website. what does it mean? just i am asking to find out

https://access.redhat.com/security/cve/cve-2020-8616

Re: bind

Posted: 2020/12/03 10:43:12
by mghe
Try it: $ rpm -q bind --changelog | grep 8616

Re: bind

Posted: 2020/12/03 10:58:20
by good_face
can you comment on what you wanted? I could not make any comments.

$ rpm -q bind --changelog | grep 8616
RPM version 4.11.3