pemensik at redhat.com
Mon May 3 12:48:08 UTC 2021
Red Hat have been building their BIND packages with --disable-isc-spnego
configure parameter for years, all versions still somehow supported by
Red Hat are built with them. This means the mentioned issue should not
affect Red Hat packages. Please visit  to check affected versions.
Your version is still vulnerable to CVE-2021-25215   however,
upgrade to a fixed version is required anyway. But your BIND9 kerberos
support should be fine as it is.
On 4/30/21 4:21 PM, Jordan Tinsley wrote:
> I have a question -
> Is BIND 9.11.6 (Extended Support Version) vulnerable?
If this is vanilla build without special parameters, it is most likely
> Is BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.3 (Extended Support Version)
This version is not vulnerable. Check named -V | grep
disable-isc-spnego, if it finds the string, it is not affected.
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: OpenPGP digital signature
More information about the bind-users