Posted: 2020/12/26 08:35:48
I have a server on CentOS 7.6 (18010). I searched for CVE-2020-25284 to find out whether it is vulnerable. As you can see in the link below, this CVE is "Out of support scope" for Red Hat Enterprise 7, while EOL for CentOS 7 is 2024.
What does it mean, actually? Is CentOS 7.6 vulnerable, and how can I mitigate it?
Posted: 2020/12/26 11:49:46
C7.6 went out of support on 17 September last year when 7.7-1908 was released. C7.7 also went out of support on 27 April this year when 7.8-2003 came out. Guess what, that has also been superseded, on 12 November by 7.9-2009. You have therefore had no support for 15 months, 3 point releases and several updates. Who knows if you are vulnerable? Who (apart from yourself) cares? Update to the latest version ASAP if you have any connection from your machine to the internet.
Posted: 2020/12/26 12:25:29
I don't have Internet access at all; in other words, it is forbidden in the datacenter where my server is located. Is there any way to download and install it offline? Is there any patch?
Posted: 2020/12/26 13:21:34
As you can see in that link, the version of CentOS is not mentioned. I think it is not related to the version, and it talks about Red Hat Enterprise Linux 7.
Red Hat Enterprise Linux 7 kernel-rt Out of support scope
Posted: 2020/12/26 15:16:18
The link you provided has a workaround by blacklisting the module. If it cannot be loaded then the vulnerability is mitigated.
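One way to verify the workaround described above on an offline host, as an added example that is not part of the original thread: the function reports whether a module is already loaded or is blocked by modprobe configuration. The module name is passed as an argument because the thread does not name it; the function name and the optional directory and file parameters are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a kernel module is
# already loaded or blocked by modprobe configuration.
# Usage: module_block_status MODULE [CONF_DIR] [PROC_MODULES]
# Prints one of: loaded | blocked | blacklist-only | unblocked
# Assumption: only CONF_DIR/*.conf is scanned (default /etc/modprobe.d);
# modprobe also reads /run/modprobe.d and /lib/modprobe.d.

module_block_status() {
    mod=$1
    confdir=${2:-/etc/modprobe.d}
    procmods=${3:-/proc/modules}
    # modprobe treats '-' and '_' in module names as the same character.
    norm=$(printf '%s' "$mod" | sed 's/-/_/g')

    # A module that is already loaded stays loaded; configuration only
    # affects future load attempts.
    if awk -v m="$norm" '{ n = $1; gsub(/-/, "_", n); if (n == m) f = 1 }
                         END { exit !f }' "$procmods" 2>/dev/null; then
        echo loaded
        return 0
    fi

    # "blacklist" only stops alias-based autoloading; an explicit
    # "modprobe MODULE" still works. "install MODULE /bin/false" (or
    # /bin/true) replaces the load command, so modprobe cannot load it.
    cat "$confdir"/*.conf 2>/dev/null | awk -v m="$norm" '
        /^[ \t]*#/ { next }
        { n = $2; gsub(/-/, "_", n) }
        $1 == "blacklist" && n == m { b = 1 }
        $1 == "install" && n == m && ($3 == "/bin/false" || $3 == "/bin/true") { i = 1 }
        END {
            if (i) print "blocked"
            else if (b) print "blacklist-only"
            else print "unblocked"
        }'
}

# Run directly with a module name to audit the local host.
if [ "$#" -gt 0 ]; then
    module_block_status "$@"
fi
```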
Posted: 2020/12/27 06:52:01
This CVE is not so important to me. I am moving from CentOS 7.6 to 7.9; I decided to do a fresh installation of CentOS 7.9. Therefore I want to know whether Red Hat supports CentOS 7.9 and whether I can resolve future vulnerabilities.
Posted: 2020/12/27 09:39:12
Red Hat does provide support for RHEL 7 (paid subscriptions) and will provide (security) fixes to RHEL 7 until 2024.
Red Hat allows (funds) the CentOS project to rebuild RHEL 7 public sources into CentOS Linux 7 packages (until 2024).