View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017386 | CentOS-8 | dnf | public | 2020-05-22 10:06 | 2020-05-26 23:34 |
Reporter | ankitvashistha | Assigned To | |
Priority | high | Severity | major | Reproducibility | always |
Status | new | Resolution | open |
Summary | 0017386: CentOS Official Repositories are missing Fixed Vulnerability Packages |
Description | I am using the CentOS:8 image on Docker and have recently had many vulnerable system packages reported whose fixes are available. Following are the vulnerability IDs and their fixes in the specified versions; however, the same are not available in the CentOS repositories.

How can I update all these packages? Also, is there any repository which is certified by CentOS which I can use to get the latest version of packages, or at least the versions with vulnerability fixes in them?

CVE | Pkg Name | Fix version |
---|---|---|
RHSA-2020:1827 | libxml2 | 0:2.9.7-7.el8 |
RHSA-2020:1792 | curl | 0:7.61.1-12.el8 |
RHSA-2020:1804 | sudo | 0:1.8.29-5.el8 |
RHSA-2020:1794 | systemd | 239-29.el8 |
RHSA-2020:1787 | unzip | 6.0-43.el8 |
RHSA-2020:1852 | patch | 2.7.6-11.el8 |
RHSA-2020:1828 | glibc | 2.28-101.el8 |
RHSA-2020:1840 | openssl | 1.1.1c-15.el8 |
RHSA-2020:1797 | binutils | 2.30-73.el8 |
Steps To Reproduce | dnf update -y and check for fixed versions. |
Additional Information | I am using official CentOS repositories to rely on the updates available for fixed vulnerabilities. |
Tags | docker, repo, systemd |
RHSA-* is short for "Red Hat Security Advisory", and describes vulnerabilities and fixes in Red Hat Enterprise Linux (RHEL). There is a delay between RHEL patches being released and them landing in CentOS, so there isn't much more to do than to wait, and apply any workarounds/mitigations described in the RHSA until then.
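To track which of the listed fixes have actually landed in an image while waiting, the installed versions can be compared against the fix versions with RPM-style ordering rather than plain string comparison. The following is an added example, not part of the original issue or of any CentOS tooling: the fix versions are copied from the issue description, the installed inventory is a constructed sample in the form `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` prints, and `rpmvercmp` is a simplified reimplementation that assumes no `~` or `^` in the version strings.

```python
import re
from itertools import zip_longest

# Fix versions exactly as listed in the issue description.
FIXED = {
    "libxml2": "0:2.9.7-7.el8", "curl": "0:7.61.1-12.el8", "sudo": "0:1.8.29-5.el8",
    "systemd": "239-29.el8", "unzip": "6.0-43.el8", "patch": "2.7.6-11.el8",
    "glibc": "2.28-101.el8", "openssl": "1.1.1c-15.el8", "binutils": "2.30-73.el8",
}

# Constructed sample inventory ("name version-release"), not real scan output.
INSTALLED_SAMPLE = """\
libxml2 2.9.7-5.el8
curl 7.61.1-12.el8
sudo 1.8.25p1-8.el8
systemd 239-18.el8
openssl 1.1.1c-2.el8
"""

def rpmvercmp(a, b):
    """Simplified RPM segment compare (assumption: no '~' or '^' in input)."""
    seg = lambda s: re.findall(r"[0-9]+|[A-Za-z]+", s)
    for x, y in zip_longest(seg(a), seg(b)):
        if x is None or y is None:      # the string with segments left is newer
            return -1 if x is None else 1
        if x.isdigit() != y.isdigit():  # numeric segment beats alphabetic
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)       # numeric compare: 2 < 15
        if x != y:
            return 1 if x > y else -1
    return 0

def parse_evr(evr):
    """Split [epoch:]version-release; a missing epoch counts as 0."""
    epoch, sep, rest = evr.rpartition(":")
    return ((epoch if sep else "0"),) + rest.partition("-")[::2]

def evr_cmp(a, b):
    """Return -1, 0 or 1 for a older than, equal to, or newer than b."""
    results = (rpmvercmp(x, y) for x, y in zip(parse_evr(a), parse_evr(b)))
    return next((c for c in results if c), 0)

def pending(inventory):
    """(name, installed, fix) for each package still below its fix version."""
    rows = (line.split() for line in inventory.splitlines() if line.strip())
    return [(n, v, FIXED[n]) for n, v in rows
            if n in FIXED and evr_cmp(v, FIXED[n]) < 0]
```

Feed it versions in the same form the advisory list uses: an epoch is compared before anything else, so mixing epoch-qualified and bare strings for the same package skews the result.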
Date Modified | Username | Field | Change |
---|---|---|---|
2020-05-22 10:06 | ankitvashistha | New Issue | |
2020-05-22 10:06 | ankitvashistha | Tag Attached: docker | |
2020-05-22 10:06 | ankitvashistha | Tag Attached: repo | |
2020-05-22 10:06 | ankitvashistha | Tag Attached: systemd | |
2020-05-26 23:34 | antaln | Note Added: 0036999 |