hi,
I have a centos7.6-1810(kernel 3.10.0-957),I want to know if below vulnerabilities are applicable or not? I have searched a lot in the internet and did not find any page that talk about centos patches or if these CVEs are applicable ?
CVE-2020-10766
CVE-2020-10767
CVE-2020-10768
CVE-2020-10781
CVE-2020-14304
CVE-2020-14314
CVE-2020-14331
CVE-2020-14385
CVE-2020-14386
CVE-2020-14390
CVE-2020-25284
CVE-2020-8028
Centos7 patches and Vulnerabilities
Centos7 patches and Vulnerabilities
Last edited by mania on 2020/12/23 11:09:16, edited 1 time in total.
Re: Centos7 patches and Vulnerabilities
CentOS 7.3-1810, is that a typo?
If you should really run CentOS 7.3 or 7.6, then I can only recommend to update your CentOS to the newest release, since the Kernel wouldn't be the only thing to worry about.
And regarding your question: RHEL takes care of any severe vulnerabilities and fixes their products. So even though Kernel 3.10 is quiet old they maintain their kernel until RHEL/CentOS 7 reached EOL.
So, updating your CentOS to the latest CentOS 7.9-2009 should include and fix any of these vulnerabilities and if they weren't applicable to 3.10 then it won't be fixed because there was no reason.
Don't forget to reboot your server once the new Kernel was installed.
If you should really run CentOS 7.3 or 7.6, then I can only recommend to update your CentOS to the newest release, since the Kernel wouldn't be the only thing to worry about.
And regarding your question: RHEL takes care of any severe vulnerabilities and fixes their products. So even though Kernel 3.10 is quiet old they maintain their kernel until RHEL/CentOS 7 reached EOL.
So, updating your CentOS to the latest CentOS 7.9-2009 should include and fix any of these vulnerabilities and if they weren't applicable to 3.10 then it won't be fixed because there was no reason.
Don't forget to reboot your server once the new Kernel was installed.
Re: Centos7 patches and Vulnerabilities
Neither 7.3 nor 7.6 are supported. Only 7.9 is. You need to yum update to get to 7.9 and then recheck.
Use the Red Hat CVE pages to check the list of CVE numbers and see which ones are fixed. Substitute the CVE numbers in https://access.redhat.com/security/cve/cve-yyyy-mmmm to read about them.
Use the Red Hat CVE pages to check the list of CVE numbers and see which ones are fixed. Substitute the CVE numbers in https://access.redhat.com/security/cve/cve-yyyy-mmmm to read about them.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Centos7 patches and Vulnerabilities
unfortunately, I did not find any specific patch or solution providing by Redhat for centos related to these vulnerabilities. If you find a link would you please send here?
Re: Centos7 patches and Vulnerabilities
You didn't look at the right place then. For the first one on your list, check https://access.redhat.com/security/cve/CVE-2020-10766
Now substitute the other CVE numbers in that url...
Now substitute the other CVE numbers in that url...
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Centos7 patches and Vulnerabilities
Do you mean "Red Hat CoreOS" in the package column?(I highlighted it in attached file). The Distribution is not centOS. Is it talking about CentOs vulnerabilities?