Looking at the redhat CVE it looks like *by default config* it is not vulnerable except from the localhost. On 03/10/2016 02:37 PM, Alice Wonder wrote: > As soon as RHEL does. > > On 03/10/2016 02:13 PM, Leonardo Oliveira Ortiz wrote: >> CentOS will provide an update to fix it? >> >> ________________________________________ >> De: centos-bounces at centos.org [centos-bounces at centos.org] em nome de >> Alice Wonder [alice at domblogger.net] >> Enviado: quinta-feira, 10 de março de 2016 15:31 >> Para: centos at centos.org >> Assunto: Re: [CentOS] CVE-2016-1285 & CVE-2016-1286 >> >> On 03/10/2016 07:13 AM, Michael H wrote: >>> On 10/03/16 14:47, Leonardo Oliveira Ortiz wrote: >>>> Hello. >>>> >>>> I think Centos are affected, right? >>>> >>>> Some update from Centos? >>>> _______________________________________________ >>>> CentOS mailing list >>>> CentOS at centos.org >>>> https://lists.centos.org/mailman/listinfo/centos >>>> >>> >>> Sure looks that way... >>> >>> https://access.redhat.com/security/cve/cve-2016-1285 >>> https://access.redhat.com/security/cve/cve-2016-1286 >>> >>> >> >> I don't think NSD is impacted, which is what I use for authoritative >> nameserver. There's an EPEL package. NSD is authoritative only, which is >> why I use it. >> >> No clue about unbound. >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos