
Centos7 patches and Vulnerabilities

Posted: 2020/12/23 10:29:02
by mania
Hi,
I have a CentOS 7.6-1810 (kernel 3.10.0-957). I want to know if the vulnerabilities below are applicable or not. I have searched a lot on the internet and did not find any page that talks about CentOS patches or whether these CVEs are applicable.
CVE-2020-10766
CVE-2020-10767
CVE-2020-10768
CVE-2020-10781
CVE-2020-14304
CVE-2020-14314
CVE-2020-14331
CVE-2020-14385
CVE-2020-14386
CVE-2020-14390
CVE-2020-25284
CVE-2020-8028

Re: Centos7 patches and Vulnerabilities

Posted: 2020/12/23 10:41:34
by ms217
CentOS 7.3-1810, is that a typo?

If you should really run CentOS 7.3 or 7.6, then I can only recommend updating your CentOS to the newest release, since the kernel wouldn't be the only thing to worry about.
And regarding your question: RHEL takes care of any severe vulnerabilities and fixes their products. So even though kernel 3.10 is quite old, they maintain their kernel until RHEL/CentOS 7 reaches EOL.

So, updating your CentOS to the latest CentOS 7.9-2009 should include and fix any of these vulnerabilities, and if they weren't applicable to 3.10 then they won't be fixed because there was no reason.

Don't forget to reboot your server once the new kernel has been installed.

Re: Centos7 patches and Vulnerabilities

Posted: 2020/12/23 11:39:58
by TrevorH
Neither 7.3 nor 7.6 are supported. Only 7.9 is. You need to yum update to get to 7.9 and then recheck.

Use the Red Hat CVE pages to check the list of CVE numbers and see which ones are fixed. Substitute the CVE numbers in https://access.redhat.com/security/cve/cve-yyyy-mmmm to read about them.

Re: Centos7 patches and Vulnerabilities

Posted: 2020/12/23 11:48:00
by mania
Unfortunately, I did not find any specific patch or solution provided by Red Hat for CentOS related to these vulnerabilities. If you find a link, would you please send it here?

Re: Centos7 patches and Vulnerabilities

Posted: 2020/12/23 13:48:05
by TrevorH
You didn't look at the right place then. For the first one on your list, check https://access.redhat.com/security/cve/CVE-2020-10766

Now substitute the other CVE numbers in that URL...

Re: Centos7 patches and Vulnerabilities

Posted: 2020/12/26 06:28:53
by mania
Do you mean "Red Hat CoreOS" in the package column? (I highlighted it in the attached file.) The distribution is not CentOS. Is it talking about CentOS vulnerabilities?

Re: Centos7 patches and Vulnerabilities

Posted: 2020/12/26 06:57:08
by Whoever
mania wrote:
2020/12/26 06:28:53
Do you mean "Red Hat CoreOS" in the package column? (I highlighted it in the attached file.) The distribution is not CentOS. Is it talking about CentOS vulnerabilities?

No, he means the row "Red Hat Enterprise Linux 7", which is the source for CentOS 7.
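
The check described in this thread (read the "Red Hat Enterprise Linux 7" row of a Red Hat CVE entry rather than the CoreOS row, then compare it with the running kernel), as an added example that is not part of any post. The record below is constructed and only shaped like Red Hat's Security Data API JSON; its field names, the CVE id and the package versions are assumptions for illustration.

```python
import re

# Constructed sample record (field names assumed, values invented; not real advisory data).
SAMPLE = {
    "name": "CVE-0000-0001",
    "affected_release": [
        {"product_name": "Red Hat Enterprise Linux 8", "package": "kernel-0:4.18.0-240.el8"},
        {"product_name": "Red Hat Enterprise Linux 7", "package": "kernel-0:3.10.0-1160.el7"},
    ],
    "package_state": [
        {"product_name": "Red Hat CoreOS", "package_name": "kernel", "fix_state": "Affected"},
    ],
}

PRODUCT = "Red Hat Enterprise Linux 7"  # the row that is the source for CentOS 7


def release_key(nvr):
    """Turn 'kernel-0:3.10.0-1160.el7' or `uname -r` output into a comparable tuple.

    Simplified numeric comparison, not the full RPM version-compare algorithm.
    """
    version = nvr.split(":")[-1]                 # drop package name and epoch if present
    version = re.sub(r"\.el\d.*$", "", version)  # drop dist tag and architecture
    return tuple(int(n) for n in re.findall(r"\d+", version))


def status_for(record, running_kernel, product=PRODUCT):
    """Classify one CVE record against the running kernel, using only `product` rows."""
    for row in record.get("affected_release", []):
        # Match the plain kernel package only (not kernel-rt, kernel-alt, ...).
        if row["product_name"] == product and re.match(r"kernel-\d+:", row["package"]):
            if release_key(running_kernel) >= release_key(row["package"]):
                return "fixed in running kernel"
            return "update needed: fix is in " + row["package"]
    for row in record.get("package_state", []):
        if row["product_name"] == product and row.get("package_name") == "kernel":
            return "no fix listed: " + row["fix_state"]
    return "no " + product + " row; check the CVE page"


if __name__ == "__main__":
    for kernel in ("3.10.0-957.el7.x86_64", "3.10.0-1160.el7.x86_64"):
        print(kernel, "->", status_for(SAMPLE, kernel))
```

On a real host, pass the output of `uname -r` as `running_kernel`, after rebooting into the updated kernel.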