Hello.
I think Centos are affected, right?
Some update from Centos?
On 10/03/16 14:47, Leonardo Oliveira Ortiz wrote:
Hello.
I think Centos are affected, right?
Some update from Centos? _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Sure looks that way...
https://access.redhat.com/security/cve/cve-2016-1285 https://access.redhat.com/security/cve/cve-2016-1286
On 03/10/2016 07:13 AM, Michael H wrote:
On 10/03/16 14:47, Leonardo Oliveira Ortiz wrote:
Hello.
I think Centos are affected, right?
Some update from Centos? _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Sure looks that way...
https://access.redhat.com/security/cve/cve-2016-1285 https://access.redhat.com/security/cve/cve-2016-1286
I don't think NSD is impacted, which is what I use for authoritative nameserver. There's an EPEL package. NSD is authoritative only, which is why I use it.
No clue about unbound.
CentOS will provide an update to fix it?
________________________________________ De: centos-bounces@centos.org [centos-bounces@centos.org] em nome de Alice Wonder [alice@domblogger.net] Enviado: quinta-feira, 10 de março de 2016 15:31 Para: centos@centos.org Assunto: Re: [CentOS] CVE-2016-1285 & CVE-2016-1286
On 03/10/2016 07:13 AM, Michael H wrote:
On 10/03/16 14:47, Leonardo Oliveira Ortiz wrote:
Hello.
I think Centos are affected, right?
Some update from Centos? _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Sure looks that way...
https://access.redhat.com/security/cve/cve-2016-1285 https://access.redhat.com/security/cve/cve-2016-1286
I don't think NSD is impacted, which is what I use for authoritative nameserver. There's an EPEL package. NSD is authoritative only, which is why I use it.
No clue about unbound.
_______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
As soon as RHEL does.
On 03/10/2016 02:13 PM, Leonardo Oliveira Ortiz wrote:
CentOS will provide an update to fix it?
De: centos-bounces@centos.org [centos-bounces@centos.org] em nome de Alice Wonder [alice@domblogger.net] Enviado: quinta-feira, 10 de março de 2016 15:31 Para: centos@centos.org Assunto: Re: [CentOS] CVE-2016-1285 & CVE-2016-1286
On 03/10/2016 07:13 AM, Michael H wrote:
On 10/03/16 14:47, Leonardo Oliveira Ortiz wrote:
Hello.
I think Centos are affected, right?
Some update from Centos? _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Sure looks that way...
https://access.redhat.com/security/cve/cve-2016-1285 https://access.redhat.com/security/cve/cve-2016-1286
I don't think NSD is impacted, which is what I use for authoritative nameserver. There's an EPEL package. NSD is authoritative only, which is why I use it.
No clue about unbound.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Looking at the redhat CVE it looks like *by default config* it is not vulnerable except from the localhost.
On 03/10/2016 02:37 PM, Alice Wonder wrote:
As soon as RHEL does.
On 03/10/2016 02:13 PM, Leonardo Oliveira Ortiz wrote:
CentOS will provide an update to fix it?
De: centos-bounces@centos.org [centos-bounces@centos.org] em nome de Alice Wonder [alice@domblogger.net] Enviado: quinta-feira, 10 de março de 2016 15:31 Para: centos@centos.org Assunto: Re: [CentOS] CVE-2016-1285 & CVE-2016-1286
On 03/10/2016 07:13 AM, Michael H wrote:
On 10/03/16 14:47, Leonardo Oliveira Ortiz wrote:
Hello.
I think Centos are affected, right?
Some update from Centos? _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Sure looks that way...
https://access.redhat.com/security/cve/cve-2016-1285 https://access.redhat.com/security/cve/cve-2016-1286
I don't think NSD is impacted, which is what I use for authoritative nameserver. There's an EPEL package. NSD is authoritative only, which is why I use it.
No clue about unbound.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
For CVE-2016-1285... I think it is still vulnerable to CVE-2016-1286 ...
-----Mensagem original----- De: centos-bounces@centos.org [mailto:centos-bounces@centos.org] Em nome de Alice Wonder Enviada em: sexta-feira, 11 de março de 2016 03:12 Para: centos@centos.org Assunto: Re: [CentOS] RES: CVE-2016-1285 & CVE-2016-1286
Looking at the redhat CVE it looks like *by default config* it is not vulnerable except from the localhost.
On 03/10/2016 02:37 PM, Alice Wonder wrote:
As soon as RHEL does.
On 03/10/2016 02:13 PM, Leonardo Oliveira Ortiz wrote:
CentOS will provide an update to fix it?
De: centos-bounces@centos.org [centos-bounces@centos.org] em nome de Alice Wonder [alice@domblogger.net] Enviado: quinta-feira, 10 de março de 2016 15:31 Para: centos@centos.org Assunto: Re: [CentOS] CVE-2016-1285 & CVE-2016-1286
On 03/10/2016 07:13 AM, Michael H wrote:
On 10/03/16 14:47, Leonardo Oliveira Ortiz wrote:
Hello.
I think Centos are affected, right?
Some update from Centos? _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Sure looks that way...
https://access.redhat.com/security/cve/cve-2016-1285 https://access.redhat.com/security/cve/cve-2016-1286
I don't think NSD is impacted, which is what I use for authoritative nameserver. There's an EPEL package. NSD is authoritative only, which is why I use it.
No clue about unbound.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 03/10/2016 08:47 AM, Leonardo Oliveira Ortiz wrote:
Hello.
I think Centos are affected, right?
Some update from Centos? _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
If / When Red Hat releases any software related to these CVEs, that source code will be rebuilt and released, then announced.
-
Alice Wonder -
Johnny Hughes -
Leonardo Oliveira Ortiz -
Michael H