Hi,
I have a server on CentOS 7.6 (18010). I searched for CVE-2020-25284 to find out whether it is vulnerable. As you can see in the link below, this CVE is out of support scope for Red Hat Enterprise 7, while EOL for CentOS 7 is 2024.
What does it actually mean? Is CentOS 7.6 vulnerable, and how can I mitigate it?
https://access.redhat.com/security/cve/cve-2020-25284
cve-2020-25284
Re: cve-2020-25284
C7.6 went out of support on 17 September last year when 7.7-1908 was released. C7.7 also went out of support on 27 April this year when 7.8-2003 came out. Guess what, that has also been superseded, on 12 November by 7.9-2009. You have therefore had no support for 15 months, 3 point releases and several updates. Who knows if you are vulnerable? Who (apart from yourself) cares? Update to the latest version ASAP if you have any connection from your machine to the internet.
Re: cve-2020-25284
I don't have Internet access at all; in other words, it is forbidden in the datacenter in which my server is located. Is there any way to download and install it offline? Is there any patch?
Re: cve-2020-25284
As you can see in that link, the version of CentOS is not mentioned. I think it is not related to the version, and it talks about Red Hat Enterprise Linux 7.
Red Hat Enterprise Linux 7 kernel-rt Out of support scope
Re: cve-2020-25284
The link you provided has a workaround by blacklisting the module. If it cannot be loaded then the vulnerability is mitigated.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
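A way to verify the module-blacklist workaround mentioned in the reply above, as an added example that is not part of the thread or of the vendor advisory. The module name `example_mod` and the sample files are constructed placeholders; take the real module name from the advisory's mitigation section.

```sh
#!/bin/sh
# Added example: report whether a kernel module can still be loaded.
# "example_mod" below is a placeholder, not the module named in the advisory.

# has_rule KIND MODULE DIR...: succeeds if an active "KIND MODULE" line exists
# in any DIR/*.conf. For "install", only an override to false/true counts.
has_rule() {
    rule_kind=$1; rule_mod=$2; shift 2
    for rule_dir in "$@"; do
        for rule_file in "$rule_dir"/*.conf; do
            [ -f "$rule_file" ] || continue
            awk -v k="$rule_kind" -v m="$rule_mod" '
                BEGIN { gsub(/-/, "_", m) }            # "-" and "_" are equivalent
                $1 == k { n = $2; gsub(/-/, "_", n)
                          if (n == m && (k != "install" || $3 ~ /^\/(usr\/)?bin\/(false|true)$/)) ok = 1 }
                END { exit !ok }' "$rule_file" && return 0
        done
    done
    return 1
}

# is_loaded MODULE PROC_MODULES_FILE: succeeds if the module is loaded right now.
is_loaded() {
    awk -v m="$1" 'BEGIN { gsub(/-/, "_", m) } $1 == m { hit = 1 } END { exit !hit }' "$2"
}

# module_state MODULE PROC_MODULES_FILE DIR...: prints one of
#   loaded          module is in the running kernel (config alone does not unload it)
#   blocked         "install MODULE /bin/false" stops modprobe from loading it
#   blacklist-only  "blacklist" stops alias autoloading, not an explicit modprobe
#   unprotected     no rule found
module_state() {
    st_mod=$1; st_proc=$2; shift 2
    if is_loaded "$st_mod" "$st_proc"; then echo loaded
    elif has_rule install "$st_mod" "$@"; then echo blocked
    elif has_rule blacklist "$st_mod" "$@"; then echo blacklist-only
    else echo unprotected; fi
}

# Constructed sample data so the script runs offline.
demo=$(mktemp -d)
printf 'blacklist example_mod\n' > "$demo/a.conf"
printf 'othermod 16384 0 - Live 0x0\n' > "$demo/modules"
echo "before: $(module_state example_mod "$demo/modules" "$demo")"
printf 'install example_mod /bin/false\n' > "$demo/b.conf"
echo "after:  $(module_state example_mod "$demo/modules" "$demo")"
rm -rf "$demo"
```

On a real host, pass `/proc/modules` and the modprobe configuration directories (for example `/etc/modprobe.d`, `/run/modprobe.d`, `/usr/lib/modprobe.d`). The check does not cover code built into the kernel image.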
Re: cve-2020-25284
This CVE is not so important to me. I am moving from CentOS 7.6 to 7.9; I decided to do a fresh installation of CentOS 7.9. Therefore I want to know whether Red Hat supports CentOS 7.9 and whether I can resolve future vulnerabilities.
Re: cve-2020-25284
Red Hat does provide support for RHEL 7 (paid subscriptions) and will provide (security) fixes to RHEL 7 until 2024.
Red Hat allows (funds) the CentOS project to rebuild RHEL 7 public sources into CentOS Linux 7 packages (until 2024).