kernel security updates for SACK blocks & co

Support for security such as Firewalls and securing linux
Post Reply
maksimov_d
Posts: 1
Joined: 2019/06/18 11:42:51

kernel security updates for SACK blocks & co

Post by maksimov_d » 2019/06/18 12:03:46

Hello

I would like to know when the kernel security updates for CentOS 6.x become available, which cover vulnerabilities:
  • CVE-2019-3896
  • CVE-2019-11477
  • CVE-2019-11478
  • CVE-2019-11479
For Red Hat, new packages have already been released and are available:
- https://access.redhat.com/errata/RHSA-2019:1488: kernel-2.6.32-754.15.3.el6.x86_64.rpm

While in the repository for CentOS 6, the latest available version of the package:
- http://mirror.centos.org/centos/6/updat ... /Packages/: kernel-2.6.32-754.14.2.el6.x86_64.rpm

Can you please tell what time it takes to prepare new packages and update the repository for CentOS 6?

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: kernel security updates for SACK blocks & co

Post by TrevorH » 2019/06/18 15:34:31

CentOS doesn't get access to the source until Redhat release the binary packages for RHEL. They then have to be rebuilt, tested, signed, tested again and released. Usual ETA for updates is between a few hours and days depending on what problems occur during the rebuild, what things need to be tested and what, if anything, fails.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

SeijiSensei
Posts: 12
Joined: 2015/10/05 21:25:41

Re: kernel security updates for SACK blocks & co

Post by SeijiSensei » 2019/06/24 18:54:26

I updated my CentOS 6.10 system today and now have kernel 2.6.32-754.15.3.el6.x86_64. Given that it's the same version number as the article describes for RedHat, I assume this kernel has been patched. Is that correct?

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: kernel security updates for SACK blocks & co

Post by TrevorH » 2019/06/24 18:56:40

CentOS packages always match the upstream versions if the package has not been modified by CentOS. Except kernels which always match version numbers even if they are modified by CentOS. So, yes.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply