Hi all,
We are using CentOS 7 in our environment for DNS BIND and the current BIND version we are on is: 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.2.
Based on this CVE-2022-38177, [hxxps://kb.isc.org/v1/docs/cve-2022-38177] I tried looking at the repo packages under [hxxp://mirror.centos.org/centos/7/updates/x86_64/Packages/]
But the latest I can see is "bind-9.11.4-26.P2.el7_9.9.x86_64.rpm" Date: 2022-02-24 13:52
The recommended version as per the advisory from ISC is 9.16.33.
Is this currently being tested on? Or this has no impact to CentOS 7?
Thanks in advance
CVE-2022-38177 on CentOS 7
Re: CVE-2022-38177 on CentOS 7
https://access.redhat.com/security/cve/CVE-2022-38177
Looks like RHEL has no fix yet and thus CentOS cannot rebuild it. Once RH release a fixed package for RHEL 7 then CentOS will rebuild it.
Looks like RHEL has no fix yet and thus CentOS cannot rebuild it. Once RH release a fixed package for RHEL 7 then CentOS will rebuild it.
CentOS 8 died a premature death at the end of 2021 - migrate to Rocky/Alma/OEL/Springdale ASAP.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke
-
j0esgoldberg
- Posts: 2
- Joined: 2022/09/29 07:09:31
Re: CVE-2022-38177 on CentOS 7
Thanks TrevorH!
I'll also look at the workaround that was provided by ISC for the meantime. And, then wait for RHEL/CentOS fixed package.
I'll also look at the workaround that was provided by ISC for the meantime. And, then wait for RHEL/CentOS fixed package.