CVE-2022-38177 on CentOS 7

Support for security such as firewalls and securing Linux
j0esgoldberg
Posts: 2
Joined: 2022/09/29 07:09:31

CVE-2022-38177 on CentOS 7

Post by j0esgoldberg » 2022/09/29 07:16:25

Hi all,

We are using CentOS 7 in our environment for DNS BIND and the current BIND version we are on is: 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.2.

Based on this CVE-2022-38177 [hxxps://kb.isc.org/v1/docs/cve-2022-38177], I tried looking at the repo packages under [hxxp://mirror.centos.org/centos/7/updates/x86_64/Packages/].

But the latest I can see is "bind-9.11.4-26.P2.el7_9.9.x86_64.rpm" Date: 2022-02-24 13:52

The recommended version as per the advisory from ISC is 9.16.33.

Is this currently being tested? Or does this have no impact on CentOS 7?

Thanks in advance

TrevorH
Site Admin
Posts: 33263
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2022-38177 on CentOS 7

Post by TrevorH » 2022/09/29 09:35:32

https://access.redhat.com/security/cve/CVE-2022-38177

Looks like RHEL has no fix yet and thus CentOS cannot rebuild it. Once RH release a fixed package for RHEL 7 then CentOS will rebuild it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

j0esgoldberg
Posts: 2
Joined: 2022/09/29 07:09:31

Re: CVE-2022-38177 on CentOS 7

Post by j0esgoldberg » 2022/09/29 09:50:53

Thanks TrevorH!

I'll also look at the workaround that was provided by ISC in the meantime, and then wait for the RHEL/CentOS fixed package.
