Page 1 of 1

Patch Lists

Posted: 2020/06/26 10:57:52
by Back4Breakfast
Hi All

Newbie question but for PCI DSS, I need to find a vendor list of patches available for CentOS7. I've hunted the main site for hours and can find several FAQs on how to check what patches are available, but I need a list provided by the CentOS developers that shows all patches so I can correlate them with the servers I'm reviewing.

Any ideas where I can find the elusive patch list?

Many Thanks

Re: Patch Lists

Posted: 2020/06/26 10:58:55
by TrevorH
I really doubt if such a thing exists.

Re: Patch Lists

Posted: 2020/06/26 11:10:35
by Back4Breakfast
Ahhh that's a bummer. Wonder how many people are able to use CentOS then for PCI Requirement 6.2. Is it just version 7 that doesn't have a list 8 does? Or is just something that isn't done across the board?

Re: Patch Lists

Posted: 2020/06/26 11:31:57
by TrevorH
CentOS doesn't track or produce CVE lists which means that for example, yum update --security does not work.

For CentOS, the only way to operate is to assume that all updates are for security purposes and put them all on ASAP.

Re: Patch Lists

Posted: 2020/06/26 11:35:31
by Back4Breakfast
Ah ok - makes sense. I think I may have to sample something different then. I believe CentOS is classed as an OS that is not prone to malware etc. Its a shame as last year CentOS5 did have a link - https://www.centos.org/docs/5/html/Depl ... dates.html - but that's dead and that's version 5 so guessing it wasn't a list of updates but more how to find what is missing?

Thanks for your help though - very much appreciated! :)

Re: Patch Lists

Posted: 2020/06/26 11:51:42
by TrevorH
That link for el5 is most likely copied from the upstream RHEL 5 docs and was never valid. No version of CentOS has ever shipped the security metadata necessary for the yum-security package to function. That's only available on RHEL.

Re: Patch Lists

Posted: 2020/06/26 11:54:05
by Back4Breakfast
Cool thanks for that - most helpful. I'll revise the Sample accordingly.