Hi!
I see that the kernel fix for CVE-2021-33909 (kernel-3.10.0-1160.36.2.el7, https://access.redhat.com/errata/RHSA-2021:2725) is not available in CentOS updates yet. What's the typical delay for inclusion in CentOS?
Thanks.
CVE-2021-33909
Re: CVE-2021-33909
I guess it depends on size of build and severity.
If we look at the previous kernel release, 3.10.0-1160.31.1.el7
* 2021-06-08 RHEL annoucement https://access.redhat.com/errata/RHSA-2021:2314
* 2021-06-14 CentOS release https://lists.centos.org/pipermail/cent ... 48337.html
If we look at the previous kernel release, 3.10.0-1160.31.1.el7
* 2021-06-08 RHEL annoucement https://access.redhat.com/errata/RHSA-2021:2314
* 2021-06-14 CentOS release https://lists.centos.org/pipermail/cent ... 48337.html
Re: CVE-2021-33909
It's building and likely to be released today/tomorrow.
CentOS 8 died a premature death at the end of 2021 - migrate to Rocky/Alma/OEL/Springdale ASAP.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke
Re: CVE-2021-33909
Is there a status page on the build progress?
Re: CVE-2021-33909
In a word, no.
CentOS 8 died a premature death at the end of 2021 - migrate to Rocky/Alma/OEL/Springdale ASAP.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke
-
harrywangca
- Posts: 106
- Joined: 2016/01/12 23:27:04
- Location: Vista California
Re: CVE-2021-33909
I am running CentOS 7.6 1810 and I referred to :
https://lists.centos.org/pipermail/cent ... 48344.html
and
http://mirror.centos.org/centos/7/updat ... s/?C=M;O=D
to download:
bpftool-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm
kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm
kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm
perf-3.10.0-1160.36.2.el7.x86_64.rpm
python-perf-3.10.0-1160.36.2.el7.x86_64.rpm
Probably you also need:
linux-firmware 20200421-80.git78c0348.el7_9
to put all together into a folder and go to that folder to apply all rpm via: yes | yum --disablerepo=\* update ./*.rpm ;
It works! no vulnerability to my system now.
Good luck
https://lists.centos.org/pipermail/cent ... 48344.html
and
http://mirror.centos.org/centos/7/updat ... s/?C=M;O=D
to download:
bpftool-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm
kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm
kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm
perf-3.10.0-1160.36.2.el7.x86_64.rpm
python-perf-3.10.0-1160.36.2.el7.x86_64.rpm
Probably you also need:
linux-firmware 20200421-80.git78c0348.el7_9
to put all together into a folder and go to that folder to apply all rpm via: yes | yum --disablerepo=\* update ./*.rpm ;
It works! no vulnerability to my system now.
Good luck
-
harrywangca
- Posts: 106
- Joined: 2016/01/12 23:27:04
- Location: Vista California
Re: CVE-2021-33909
By the way, is there any rpm for this CVE-2021-33909 and CVE-2021-33910 for CentOS 8?
I am still looking for .......
Thanks.
I am still looking for .......
Thanks.
Re: CVE-2021-33909
Do not do this.Only 7.9 gets any support. By running 7.6 you are missing out on nearly 3 years of security patches.I am running CentOS 7.6 1810 and I referred to :
CentOS 8 died a premature death at the end of 2021 - migrate to Rocky/Alma/OEL/Springdale ASAP.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke
Re: CVE-2021-33909
Red Hat has published 2021-07-20:
https://access.redhat.com/security/cve/cve-2021-33909
https://access.redhat.com/security/cve/cve-2021-33910
Corresponding CentOS Linux 8 files are dated 20.7.--21.7.