Re: A Blast from the past

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 8/17/21 11:14 AM, Jonathan Billings wrote:
> On Tue, Aug 17, 2021 at 05:02:02PM +0100, Mark Woolfson wrote:
>> Unfortunately the manufacturer of our application software will only support
>> it on RHEL/CentOS 7.0. I have asked and that is all they say.
> 
> This is absurd.  The 7.0 kernel has so many vulnerabilities that are
> well known and well documented, they're forcing you to run a kernel
> that can be trivially exploited.  I would seriously push back with the
> manufacturer.  Does it have a custom kernel module that it requires?
> Or did they only test it on RHEL or CentOS 7.0 and never updated their
> documentation?
> 
> In the past, I've asked vendors that tried this kind of nonsense if
> they're willing to indemnify their customers for any security issues
> that arise as a result of using their product. Feel free to list all
> the CVEs in the current CentOS 7 kernel.  I see there are 1,125 CVEs
> mentioned in the kernel changelog. It won't hold any legal water, most
> likely, but it might get someone to at least look closer at the issue. 
> 

Both Stephen and Jonathon have hit on this .. But you need to tell your
vendor that a 7.0 kernel is vulnerable and that they need to support
newer versions.

There are so many security vulnerabilities in RHEL/CentOS from 7.0 to
7.9 .. many of them remotely exploitable.  And this is true for all
packages, not just the kernel.

If you have a RHEL/CentOS 7.0 machine running and touching the internet
without security updates .. you probably no longer are running it.
Certainly, not by yourself.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux