You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I recently had a hit from an automated scanner for a bind security flaw in the latest CentOS container image. A little digging revealed the bind-license package is installed, but not needed for anything (I imagine it's a leftover from something else).
➜ ~ docker run -it elasticsearch:7.1.1 rpm -q bind-license
bind-license-9.9.4-73.el7_6.noarch
➜ ~ docker run -it elasticsearch:7.1.1 rpm -ql bind-license
/usr/share/doc/bind-license-9.9.4
/usr/share/doc/bind-license-9.9.4/COPYRIGHT
➜ ~ docker run -it elasticsearch:7.1.1 rpm -ql --whatrequires bind-license
no package requires bind-license
It would be helpful if this package was removed.
The text was updated successfully, but these errors were encountered:
I recently had a hit from an automated scanner for a bind security flaw in the latest CentOS container image. A little digging revealed the bind-license package is installed, but not needed for anything (I imagine it's a leftover from something else).
It would be helpful if this package was removed.
The text was updated successfully, but these errors were encountered: