Skip to main content

PCI Fail - ISC Bind Version No Longer Supported

Comments

4 comments

  • quizknows
    Since you are on RHEL/CentOS 6 (or so it seems) your OS is supported and should still be receiving updates. Run a "yum update" from a root shell, ensure all packages are up to date. Then run this:
    rpm -q --changelog bind > bind_changelog.txt
    That text file should show that your bind version is up to date and received updates as recent as Dec 2015. Send the file to your PCI vendor and dispute the findings as your version is receiving backported security fixes.
    0
  • meljc
    Thanks Quizknows. I already did a yum update and the version was still the same. I'll try the other command. I think the issue is that the version I have is no longer supported, so even if there are security fixes, they want the next version 9.9.8 or higher.
    0
  • cPanelMichael
    Hello :) You should be able to provide them the output of the RPM command to show that security patches have been backported to the existing version of Bind. Thank you.
    0
  • quizknows
    Thanks Quizknows. I already did a yum update and the version was still the same. I'll try the other command. I think the issue is that the version I have is no longer supported, so even if there are security fixes, they want the next version 9.9.8 or higher.

    We deal with this all the time with PCI vendors. They only look at the version number and not whether or not it's actively receiving backports. You just need the changelog to prove it to them. Do not try to change/upgrade the installed version beyond what yum update provides. This is standard with a lot of things on RHEL / CentOS including OpenSSH and OpenSSL, and you may have to do the same for those RPMs in the future.
    0

Please sign in to leave a comment.