cve-2020-25284

Support for security such as Firewalls and securing linux
mania
Posts: 49
Joined: 2020/12/19 05:55:37

cve-2020-25284

Post by mania » 2020/12/26 08:35:48

Hi,
I have a server on CentOS 7.6 (18010). I searched for cve-2020-25284 to find out whether it is vulnerable. As you can see in the link below, this CVE is "Out of support scope" for Red Hat Enterprise Linux 7, while EOL for CentOS 7 is 2024.
What does that actually mean? Is CentOS 7.6 vulnerable, and how can I mitigate it?


https://access.redhat.com/security/cve/cve-2020-25284

MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: cve-2020-25284

Post by MartinR » 2020/12/26 11:49:46

C7.6 went out of support on 17 September last year when 7.7-1908 was released. C7.7 also went out of support on 27 April this year when 7.8-2003 came out. Guess what, that has also been superseded, on 12 November by 7.9-2009. You have therefore had no support for 15 months, 3 point releases and several updates. Who knows if you are vulnerable? Who (apart from yourself) cares? Update to the latest version ASAP if you have any connection from your machine to the internet.

mania
Posts: 49
Joined: 2020/12/19 05:55:37

Re: cve-2020-25284

Post by mania » 2020/12/26 12:25:29

I don't have Internet access at all; in other words, it is forbidden in the datacenter in which my server is located. Is there any way to download and install it offline? Is there any patch?

mania
Posts: 49
Joined: 2020/12/19 05:55:37

Re: cve-2020-25284

Post by mania » 2020/12/26 13:21:34

As you can see in that link, the version of CentOS is not mentioned. I think it is not related to the version, and it talks about Red Hat Enterprise Linux 7.

Red Hat Enterprise Linux 7 kernel-rt Out of support scope

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: cve-2020-25284

Post by TrevorH » 2020/12/26 15:16:18

The link you provided has a workaround by blacklisting the module. If it cannot be loaded then the vulnerability is mitigated.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
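
An added example (not part of the thread or of Red Hat's advisory) for checking that the module-blacklist workaround mentioned above is actually in effect. The module name is an argument to be taken from the advisory; `module_block_state` and `module_loaded` are hypothetical helper names. A `blacklist` line alone only stops alias-based autoloading, so the check reports it separately from an `install <module> /bin/false` override, which also stops an explicit `modprobe`.

```shell
#!/bin/sh
# Added example: audit whether a kernel module is blocked from loading.
# The module name is a parameter; take the real one from the vendor advisory.

# module_block_state CONF_DIR MODULE
# Prints: blocked | blacklist-only | not-blocked
module_block_state() {
    conf_dir=$1
    # modprobe treats '-' and '_' in module names as equivalent.
    mod=$(printf %s "$2" | tr - _)
    has_blacklist=no
    has_install=no
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        # Drop comments so a commented-out directive is not counted.
        if sed 's/#.*//' "$f" | tr - _ |
            grep -Eq "^[[:space:]]*blacklist[[:space:]]+$mod[[:space:]]*$"; then
            has_blacklist=yes
        fi
        if sed 's/#.*//' "$f" | tr - _ |
            grep -Eq "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+/bin/(false|true)[[:space:]]*$"; then
            has_install=yes
        fi
    done
    if [ "$has_install" = yes ]; then
        echo blocked
    elif [ "$has_blacklist" = yes ]; then
        echo blacklist-only
    else
        echo not-blocked
    fi
}

# module_loaded PROC_MODULES_FILE MODULE
# Exit status 0 if the module is currently loaded (a reboot or rmmod is
# still needed after adding the config if it is).
module_loaded() {
    grep -q "^$(printf %s "$2" | tr - _) " "$1"
}

# Stand-alone use: sh check.sh <module-name>
if [ -n "${1:-}" ]; then
    echo "modprobe.d: $(module_block_state /etc/modprobe.d "$1")"
    if module_loaded /proc/modules "$1"; then echo "currently loaded"
    else echo "not loaded"; fi
fi
```

This audits a single directory; modprobe also reads `/usr/lib/modprobe.d` and `/run/modprobe.d`, so run the function against those as well.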

mania
Posts: 49
Joined: 2020/12/19 05:55:37

Re: cve-2020-25284

Post by mania » 2020/12/27 06:52:01

This CVE is not so important to me. I am moving from CentOS 7.6 to 7.9, and I decided to do a fresh installation of CentOS 7.9. Therefore I want to know if Red Hat supports CentOS 7.9, and can I resolve future vulnerabilities?

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: cve-2020-25284

Post by jlehtone » 2020/12/27 09:39:12

Red Hat does provide support for RHEL 7 (paid subscriptions) and will provide (security) fixes to RHEL 7 until 2024.
Red Hat allows (funds) CentOS project to rebuild RHEL 7 public sources into CentOS Linux 7 packages (until 2024).
