On 10/16/2016 10:28 PM, マスターズ イアン wrote: > I'd like to know if the present version of Bind in CentOS 6 (bind-9.8.2-0.47.rc1.el6_8.1.x86_64) is vulerable to CVE-2016-2776. > > According tohttps://www.isc.org/downloads/, version 9.8.x is End-of-Life (EOL) as of Sep 2014. Red Hat continues to maintain their own fork of 9.8 for EL6, and this RHSA https://rhn.redhat.com/errata/RHSA-2016-1944.html says that version of bind you mention does indeed include the fix to that CVE. CentOS is built from the same SRPM's. -- john r pierce, recycling bits in santa cruz