s***@st.ilet.to
2018-09-20 11:52:28 UTC
hi there, and apologies if this isn't the correct place to turn to, but
the OVAL boards have been inactive since 2015 and perhaps the people who
maintain these files lurk here and will notice.
In short:
CVE-2018-5740 Applies to named, when running, with a specific option set
[1]
The OVAL [2] dictionaries (which are consumed by vulnerability scanners)
for RedHat (and derivatives) [3],[4] lists the following packages as
affected
bind
bind-chroot
bind-devel
bind-libs
bind-libs-lite
bind-license
bind-lite-devel
bind-pkcs11
bind-pkcs11-devel
bind-pkcs11-libs
bind-pkcs11-utils
bind-sdb
bind-sdb-chroot
bind-utils
named is only contained in the bind package, and this list is causing no
end of problems on hosts that, for example, only want bind-utils and
dependencies (of which bind -containing named- is not).
Could whoever maintains these take a look?
thank you for you time
[1] https://kb.isc.org/docs/aa-01639
[2] https://oval.mitre.org
[3] https://www.redhat.com/security/data/oval/
[4] https://linux.oracle.com/security/oval/
the OVAL boards have been inactive since 2015 and perhaps the people who
maintain these files lurk here and will notice.
In short:
CVE-2018-5740 Applies to named, when running, with a specific option set
[1]
The OVAL [2] dictionaries (which are consumed by vulnerability scanners)
for RedHat (and derivatives) [3],[4] lists the following packages as
affected
bind
bind-chroot
bind-devel
bind-libs
bind-libs-lite
bind-license
bind-lite-devel
bind-pkcs11
bind-pkcs11-devel
bind-pkcs11-libs
bind-pkcs11-utils
bind-sdb
bind-sdb-chroot
bind-utils
named is only contained in the bind package, and this list is causing no
end of problems on hosts that, for example, only want bind-utils and
dependencies (of which bind -containing named- is not).
Could whoever maintains these take a look?
thank you for you time
[1] https://kb.isc.org/docs/aa-01639
[2] https://oval.mitre.org
[3] https://www.redhat.com/security/data/oval/
[4] https://linux.oracle.com/security/oval/