[CentOS] Bind Vulnerability CVE-2016-2775

Thu Sep 1 13:10:12 UTC 2016
Jonathan Billings <billings at negate.org>

On Thu, Sep 01, 2016 at 08:34:08AM +0000, James Pearson wrote:
> Sidharth Sharma:
> >
> > When we can expect Security Update for Bind Vulnerability on Centos 6.8/7.2?
> > ISC BIND Lightweight Resolver Protocol Req Processing Dos Vulnerability:
>  >CVE-2016-2775
> See:
>  https://access.redhat.com/security/cve/cve-2016-2775

The important takeaway is that Red Hat has marked it as "Will Not
Fix", and in the BZ, the statement is:

"Red Hat Product Security has rated this issue as having Moderate
security impact. This issue is not currently planned to be addressed
in future updates. For additional information, refer to the Issue
Severity Classification:

Note that this issue only affects BIND deployments that make use of
the non-default lightweight resolver protocol for name resolution. "

Jonathan Billings <billings at negate.org>