Date: Thu, 20 Sep 2018 12:52:28 +0100 From: scrumpyjack@...ilet.to To: oss-security@...ts.openwall.com Subject: CVE-2018-5740 BIND (named vuln) and bad OVAL dict file maintenance hi there, and apologies if this isn't the correct place to turn to, but the OVAL boards have been inactive since 2015 and perhaps the people who maintain these files lurk here and will notice. In short: CVE-2018-5740 Applies to named, when running, with a specific option set  The OVAL  dictionaries (which are consumed by vulnerability scanners) for RedHat (and derivatives) , lists the following packages as affected bind bind-chroot bind-devel bind-libs bind-libs-lite bind-license bind-lite-devel bind-pkcs11 bind-pkcs11-devel bind-pkcs11-libs bind-pkcs11-utils bind-sdb bind-sdb-chroot bind-utils named is only contained in the bind package, and this list is causing no end of problems on hosts that, for example, only want bind-utils and dependencies (of which bind -containing named- is not). Could whoever maintains these take a look? thank you for you time  https://kb.isc.org/docs/aa-01639  https://oval.mitre.org  https://www.redhat.com/security/data/oval/  https://linux.oracle.com/security/oval/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.