Search found 8 matches

by tmandel
2022/03/25 00:46:07
Forum: CentOS 7 - Security Support
Topic: CVE-2022-22720
Replies: 6
Views: 1487

Re: CVE-2022-22720

Many thanks for your feedback.

Regards,
Thelvaen
by tmandel
2022/03/24 15:01:33
Forum: CentOS 7 - Security Support
Topic: CVE-2022-22720
Replies: 6
Views: 1487

CVE-2022-22720

Dear team,

RH just released corrected package for httpd on RH7 ( https://access.redhat.com/errata/RHSA-2022:1045 ), could you please confirm that it's going to be in your pipe for recompilation and will be distributed on your security repository?

Many thanks for your support.

Regards,
Thelvaen
by tmandel
2022/01/30 00:29:06
Forum: CentOS 7 - Security Support
Topic: How to activate firewall on Centos server?
Replies: 2
Views: 1173

Re: How to activate firewall on Centos server?

I would also do a

Code: Select all

sudo firewall-cmd --add-service=ssh --permanent
Then you can go with a

Code: Select all

sudo firewall-cmd --reload
or a

Code: Select all

sudo systemctl restart firewalld
by tmandel
2022/01/26 11:16:12
Forum: CentOS 7 - Security Support
Topic: Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034
Replies: 7
Views: 2454

Re: Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034

Red Hat backport fixes to both CentOS 7 and 8 still. Red Hat backport enhancements and new features only for CentOS 8 (CentOS 7 has moved out of the relevant maintenance phase to get such active support). Yup, Kernel 5.x was in RC phase while RH8 was being pushed out, so we can assume they got in a...
by tmandel
2022/01/26 11:00:28
Forum: CentOS 7 - Security Support
Topic: Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034
Replies: 7
Views: 2454

Re: Questions regarding vulnerabilities CVE-2022-0185 and CVE-2021-4034

If I to refer to https://access.redhat.com/security/cve/CVE-2022-0185, CentOS 8 might be impacted tho, even if it's in 4.18, feature might have been backported.
by tmandel
2022/01/26 00:05:48
Forum: CentOS 7 - Security Support
Topic: CVE-2021-39275 patch availability
Replies: 4
Views: 1436

Re: CVE-2021-39275 patch availability

I can confirm that package a package named httpd-2.4.6-97.el7.centos.4.x86_64.rpm is indeed in the repository.

I'm assuming that the .centos.4 is equivalent to the el7_9.4, so it should indeed be the package fixing that CVE :)

Thanks for your help & support.
Regards,
Thelvaen
by tmandel
2022/01/25 16:31:41
Forum: CentOS 7 - Security Support
Topic: CVE-2021-39275 patch availability
Replies: 4
Views: 1436

Re: CVE-2021-39275 patch availability

TrevorH wrote:
2022/01/25 14:26:15
It was missed and is being built.
Thanks :)
by tmandel
2022/01/25 13:44:40
Forum: CentOS 7 - Security Support
Topic: CVE-2021-39275 patch availability
Replies: 4
Views: 1436

CVE-2021-39275 patch availability

Hello folks,

RedHat provided a fix for the RCE allowed by the vulnerability CVE-2021-39275, on January 17th.

Do you know when the fix will be available on CentOS packages?

Regards,
Thelvaen Mandel