Project

General

Profile

New packages for Bind and openssl address several vulnerabilities

openSSL fixed vulnerabilities:

  • CVE-2016-2107
  • CVE-2016-2178
  • CVE-2016-2108
  • CVE-2016-6304
  • CVE-2016-2179
  • CVE-2016-2177
  • CVE-2016-2105
  • CVE-2016-2106
  • CVE-2016-6306

Bind fixed issues and vulnerabilities:

  • Tue Jan 10 2017 Petr Menšík <> - 32:9.8.2-0.47.rc1.4
    - Fix CVE-2016-9147 (ISC change 4510)
    - Fix regression introduced by CVE-2016-8864 (ISC change 4530)
  • Mon Oct 31 2016 Tomas Hozza <> - 32:9.8.2-0.47.rc1.3
    - Fix CVE-2016-8864
  • Mon Oct 17 2016 Tomas Hozza <> - 32:9.8.2-0.47.rc1.2
    - Fix CVE-2016-2848

Solution:

upgrade with bind-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm package from viapps repo.
upgrade with bind-chroot-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm package from viapps repo.
upgrade with bind-devel-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm package from viapps repo.
upgrade with bind-libs-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm package from viapps repo.
upgrade with bind-utils-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm package from viapps repo.

upgrade with openssl-1.0.1e-48.el6_8.3.x86_64.rpm package from viapps repo.
upgrade with openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm package from viapps repo.

Signatures

135e1451aebec14289186181ec8be685 bind-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm
11067b09a865ef03c2b184a0e70e1d91 bind-chroot-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm
8080e85e6c7b9b9f884c2ec02976d30d bind-devel-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm
21fb614e25ce39b79c5d2789bfe2e0ba bind-libs-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm
7fbcd18161f4b7371206b6358d8a4c4b bind-sdb-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm
24a64771af5cf83fe0513846fdfcff07 bind-utils-9.8.2-0.47.rc1.el6_8.4.x86_64.rpm
b00915d80d951fc0d77ad1a51abe9a83 openssl-1.0.1e-48.el6_8.3.x86_64.rpm
c35ff9815a4389b24621de9dcd1d791b openssl-devel-1.0.1e-48.el6_8.3.x86_64.rpm

How to apply:

  1. Copy downloaded rpms to cmi:/var/www/repo/x86_64
  2. Update CMI repo
    [root@cmi ~] createrepo --update /var/www/repo/x86_64
    
  3. Update DNS/DHCP/NTP node. Either
    1. From CMI front end -> Appliances -> Setup -> Minor packages Upgrade
    2. Or manually:
      [root@dns ~] yum clean all # (clear yum cache)
      [root@dns ~] yum -y update bind openssl
      [...]
      
      Complete!