Plesk Automation uses the BIND package 9.8.2 to provide DNS hosting. This version of BIND is vulnerable to CVE-2012-1667.
How can we update the BIND package to a secured version, for example bind-9.10.3?
Plesk Automation uses the default CentOS/RHEL repository to install system packages. All packages in RHEL are maintained and supported by Red Hat for 10 years from the release of the major version, so CentOS 5 will receive security updates until 2017 and CentOS 6 until 2020.
Red Hat has a policy of taking a fix from the code of later versions and backporting it to the version that was originally released, keeping the version number the same. So you can check that vulnerability CVE-2012-1667 was fixed in the bind-9.8.2-0.37.rc1.el6_7.4.x86_64 package with the following commands:
[root@pa115mn ~]# yum info bind
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.digitalhusky.com
 * extras: mirror.digitalhusky.com
 * updates: mirror.digitalhusky.com
Installed Packages
Name        : bind
Arch        : x86_64
Epoch       : 32
Version     : 9.8.2
Release     : 0.37.rc1.el6_7.4
Size        : 7.3 M
Repo        : installed
Summary     : The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
URL         : http://www.isc.org/products/BIND/
License     : ISC
Description : BIND (Berkeley Internet Name Domain) is an implementation of the DNS
            : (Domain Name System) protocols. BIND includes a DNS server (named),
            : which resolves host names to IP addresses; a resolver library
            : (routines for applications to use when interfacing with DNS); and
            : tools for verifying that the DNS server is operating properly.

[root@pa115mn ~]# rpm -q bind-9.8.2-0.37.rc1.el6_7.4.x86_64 --changelog bind | grep CVE-2012-1667
- fix CVE-2012-1667
- fix CVE-2012-1667
This means that the fix for CVE-2012-1667 is already included in the installed BIND package, and no additional action is needed to close this vulnerability.
Otherwise, you can use the yum update bind command to install the latest package updates.
NOTE: Please make sure that bind package updates are installed from the default CentOS/RHEL repositories.
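The changelog check above can be extended to audit several CVE IDs at once. The script below is an added example, not part of the original article or of Plesk tooling: the function names, the sample changelog and the placeholder ID CVE-0000-0001 are constructed for illustration, and audit_pkg assumes rpm is available on the host.

```sh
#!/bin/sh
# Added example: audit CVE IDs against an RPM changelog to confirm backported fixes.
# The changelog is read from stdin so the matching logic can be run without rpm.

# check_cves CVE-ID...
# Prints "<CVE> fixed" or "<CVE> MISSING" per ID; returns 1 if any ID is missing.
check_cves() {
    changelog=$(cat)
    rc=0
    for cve in "$@"; do
        # -w matches whole words only, so a short ID is not reported as fixed
        # just because a longer ID happens to contain it; -F disables regex.
        if printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            echo "$cve fixed"
        else
            echo "$cve MISSING"
            rc=1
        fi
    done
    return $rc
}

# audit_pkg PACKAGE CVE-ID...
# Runs the check against the changelog of an installed package.
audit_pkg() {
    pkg=$1
    shift
    rpm -q "$pkg" >/dev/null 2>&1 || { echo "$pkg is not installed" >&2; return 2; }
    rpm -q --changelog "$pkg" | check_cves "$@"
}

# Constructed sample changelog (dates, packager and the CVE-0000-* ID are made up).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.com> 0.0.example-2
- fix CVE-0000-00010
* Mon Jan 01 2001 Example Packager <packager@example.com> 0.0.example-1
- fix CVE-2012-1667
EOF
}

# Stand-alone demonstration on the constructed sample.
sample_changelog | check_cves CVE-2012-1667
```

On a real host, run audit_pkg bind CVE-2012-1667 after sourcing the functions; a non-zero exit status means at least one ID is absent from the changelog and yum update bind should be considered.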