Re: CentOS rpm versioning




On Mon, 16 Mar 2020 at 12:17, koka miptpatriot <miptpatriot@xxxxxxxxx>
wrote:

> Hello
>
> Clair vulnerability scanner considers the latest version of CentOS mariadb
> vulnerable because of RHSA-2019:3708.
> It states that mariadb must be updated at least to the version
> "10.3.17-1.module+el8.1.0+3974+90eded84". CentOS' last version is
> "10.3.17-1.module_el8.1.0+257+48736ea6". Rpm/yum considers CentOS' version
> older than RHEL's.
>
> % rpmdev-vercmp 3:10.3.17-1.module_el8.1.0+257+48736ea6 3:10.3.17-1.module+el8.1.0+3974+90eded84
> 3:10.3.17-1.module_el8.1.0+257+48736ea6 < 3:10.3.17-1.module+el8.1.0+3974+90eded84
>
> That's why Clair considers it vulnerable. Is there any way to fix it?
>
>
The issue is that you cannot get equivalent versions of CentOS modules to
Red Hat modules because the MBS versioning system uses some sort of hash to
separate builds apart. You also cannot compare CentOS to Red Hat
Enterprise Linux packages using rpmdev-vercmp but have to do your own
auditing to see if they are equivalent.



> --
> skype: miptpatriot
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
>


-- 
Stephen J Smoogen.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
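
Added example, not part of the original thread and not the rpm project's code: a minimal Python re-implementation of rpm's segment-wise comparison that reports which segment decides the result for the two version strings quoted above. The function names (`vercmp`, `split_evr`, `evrcmp`) are hypothetical. It shows that `_` and `+` are both plain separators, so the `<` result comes from the numeric field after the first `+` (257 against 3974), not from any difference in the packaged mariadb version.

```python
import re
from itertools import zip_longest

# Segments as rpm sees them: digit runs, ASCII letter runs, '~' and '^'.
# Every other character ('.', '_', '+', '-') only separates segments.
SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~|\^")

def vercmp(a, b):
    """Return (rc, deciding_pair); rc is -1, 0 or 1 as in rpm's rpmvercmp."""
    for x, y in zip_longest(SEGMENT.findall(a), SEGMENT.findall(b)):
        if "~" in (x, y):               # '~' sorts before everything, even end of string
            if x != y:
                return (-1 if x == "~" else 1), (x, y)
            continue
        if x is None or y is None:      # the string with segments left over is newer
            return (-1 if x is None else 1), (x, y)
        if "^" in (x, y):               # '^' sorts below any ordinary segment
            if x != y:
                return (-1 if x == "^" else 1), (x, y)
            continue
        if x.isdigit() != y.isdigit():  # a numeric segment beats an alphabetic one
            return (1 if x.isdigit() else -1), (x, y)
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return (1 if kx > ky else -1), (x, y)
    return 0, None

def split_evr(evr):
    """Split [epoch:]version[-release]; a missing epoch counts as 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return int(epoch or 0), version, release

def evrcmp(a, b):
    """Compare full EVR strings (simplification: an absent release compares as '')."""
    (ea, va, ra), (eb, vb, rb) = split_evr(a), split_evr(b)
    if ea != eb:
        return (1 if ea > eb else -1), ("epoch", str(ea), str(eb))
    for field, x, y in (("version", va, vb), ("release", ra, rb)):
        rc, pair = vercmp(x, y)
        if rc:
            return rc, (field, *pair)
    return 0, None

CENTOS = "3:10.3.17-1.module_el8.1.0+257+48736ea6"  # from the post above
RHSA = "3:10.3.17-1.module+el8.1.0+3974+90eded84"   # from the post above
if __name__ == "__main__":
    print(evrcmp(CENTOS, RHSA))
```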


