I recently had a hit from an automated scanner for a bind security flaw in the latest CentOS container image. A little digging revealed the bind-license package is installed, but not needed for anything (I imagine it's a leftover from something else).
➜ ~ docker run -it elasticsearch:7.1.1 rpm -q bind-license
bind-license-9.9.4-73.el7_6.noarch
➜ ~ docker run -it elasticsearch:7.1.1 rpm -ql bind-license
/usr/share/doc/bind-license-9.9.4
/usr/share/doc/bind-license-9.9.4/COPYRIGHT
➜ ~ docker run -it elasticsearch:7.1.1 rpm -ql --whatrequires bind-license
no package requires bind-license
I recently had a hit from an automated scanner for a bind security flaw in the latest CentOS container image. A little digging revealed the bind-license package is installed, but not needed for anything (I imagine it's a leftover from something else).
It would be helpful if this package was removed.