Re: A potentially newbie question about vulnerability patching speed in CentOS 7.x's yum repository


On 30/08/17 11:09, 知乎申诉处理 wrote:
> I've been dabbling with management of security vulnerabilities and their fixes for a while. Recently I discovered there may be a delay in the process of software updates being made available on the CentOS yum repository.
> 
> Take CVE-2017-5335 for example:
> On the Red Hat official notice board: https://access.redhat.com/security/cve/cve-2017-5335 we can see there is a link pointing to the advisory for RHEL 7: https://access.redhat.com/errata/RHSA-2017:2292 . From there we can see that the fix happens at gnutls 3.3.26.
> But when trying to update with yum update from a CentOS 7.3 x64 machine, there is no 3.3.26 available. The only available rpm for CentOS 7.3.1611 for x86_64 is gnutls-3.3.24.
> This result can be verified using rpm finder: https://www.rpmfind.net/linux/rpm2html/search.php?query=gnutls
> 
> The same problem happens with other software packages such as:
> glibc
> tcpdump
> libnl
> mariadb
> ...
> (and many others)
> 
> 
> Why is that? And are those software packages not going to get fixed?
> 
> 
> - P.S. Please excuse me for any formatting issues. :)
> 
> 
> Jeff

You're searching for packages that are already built but in an "interim"
repository: RHEL 7.4 was released but CentOS 7.4.1708 isn't yet
available, while packages are built (almost all of them).

See
https://seven.centos.org/2017/08/cr-repository-for-centos-linux-7-1708-released/
and you'll have all the packages you're looking for.


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
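
One way to check a host for the situation discussed in this thread, as an added example that is not from either poster or from the CentOS project: it decides from the package changelog and version whether a CVE fix is installed. The function names and the sample changelog are constructed; `cr` is the repository id from CentOS 7's CentOS-CR.repo, and `sort -V` only approximates rpm's version ordering.

```shell
#!/bin/sh
# Added example: is a CVE fix present in an installed RPM?
# Function names and the sample changelog are constructed for illustration.

# Constructed changelog excerpt in `rpm -q --changelog` layout.
SAMPLE_CHANGELOG='* Tue Jan 01 2019 Constructed Packager <pkg@example.invalid> 3.3.26-9
- constructed entry: fix for CVE-2017-5335'

# Exit 0 if the changelog text on stdin names the CVE id in $1.
changelog_mentions_cve() {
    grep -qiwF -- "$1"
}

# Exit 0 if version $1 sorts strictly before $2.
# sort -V approximates rpm's ordering; adequate for plain x.y.z strings.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# assess INSTALLED FIXED CVE  (changelog on stdin)
#   patched        changelog names the CVE (covers backported fixes)
#   update-needed  installed version is older than the advisory's version
#   verify         neither signal is conclusive; read the advisory
assess() {
    if changelog_mentions_cve "$3"; then
        echo patched
    elif version_lt "$1" "$2"; then
        echo update-needed
    else
        echo verify
    fi
}

# Live check, using the package and versions named in the thread.
if command -v rpm >/dev/null 2>&1 && rpm -q gnutls >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}\n' gnutls | head -n 1)
    rpm -q --changelog gnutls | assess "$installed" 3.3.26 CVE-2017-5335
    # On "update-needed" while the next point release is still pending,
    # the rebuilt package may already be in CR:
    #   yum --enablerepo=cr update gnutls
fi
```

The changelog check comes first because enterprise rebuilds often carry backported fixes under an older upstream version number, so a version comparison alone can report a patched package as vulnerable.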
