Hi, Qualys is reporting that I'm missing CentOS Security Updates, for example:
CESA-2017:1100 for CentOS 7.3.1611
CESA-2020:4060 and many other's for CentOS 7.8.2003
CESA-2021:0153 any many other's for CentOS 7.9.2009
I have basically two questions.
a) How to install this CESA'a ? I also was thinking that installing updates via RHSA, checking based on CVE's is only available for RHEL system with the yum-plugin-security plugin installed. What am I missing here ? Or is it still just running yum update or should / could I selectively install / upgrade packages mentioned in the CESA'a ?
b) Since I know that CentOS provides updates for the latest minor version in a given branch, the CentOS 7.3.1611 and CentOS 8.9.2003 are pointing to the repo containing patches for 7.9.2009. Should I now configure the vault repos on the 7.3 and 8.9 boxes to point to their matching versions ?
Thank you !
confusion about CESA in CentOS
confusion about CESA in CentOS
Last edited by fuzzy4096 on 2021/03/02 13:17:18, edited 1 time in total.
Re: confusion about CESA in CentOS
Only the latest version is supported, i.e. getting updates.
E.g. 7.3-1611 hasn't got any updates since 7.4-1708 was
released 3.5 years ago.
E.g. 7.3-1611 hasn't got any updates since 7.4-1708 was
released 3.5 years ago.
Re: confusion about CESA in CentOS
The words "does not" are missing from "Since I know that CentOS provides updates".b) Since I know that CentOS provides updates for the latest minor version in a given branch, the CentOS 7.3.1611 and CentOS 8.9.2003 are pointing to the repo containing patches for 7.9.2009. Should I now configure the vault repos on the 7.3 and 8.9 boxes to point to their matching versions ?
Only the current version is supported and any previous ones will be updated to the current point release when you tun yum update.
Do not run 7.3 as it's 4 years out of date.
You should not be seeing or updating a CentOS 7 machine with updates for 8. If your scan is reporting an 8 fix missing on a 7 box then the scan is wrong.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: confusion about CESA in CentOS
The words "does not" are missing from "Since I know that CentOS provides updates".
I'm confused now. So if in CentOS 7 (the major version) the last minor version (that is 7.9.2009 for CentOS 7) is the one and only getting updates. So isn't the above equal to
? I mean 7.9.2009 is the current version, correct ?Only the current version is supported and any previous ones will be updated to the current point release when you tun yum update.
That's my fault, I've made a typo.You should not be seeing or updating a CentOS 7 machine with updates for 8. If your scan is reporting an 8 fix missing on a 7 box then the scan is wrong.
Re: confusion about CESA in CentOS
The way I read your original post may have been wrong so let's clarify.
Only the current version of CentOS 7 or CentOS 8 is supported and gets updates. That's now 7.9 and 8.3. CentOS 8 is supported until the end of this year, 2021, CentOS 7 is supported until 2024. A yum update on either will update you to the latest version available within that version (i.e 7 is not upgraded to 8).
Only the current version of CentOS 7 or CentOS 8 is supported and gets updates. That's now 7.9 and 8.3. CentOS 8 is supported until the end of this year, 2021, CentOS 7 is supported until 2024. A yum update on either will update you to the latest version available within that version (i.e 7 is not upgraded to 8).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: confusion about CESA in CentOS
Okay, so 7.4-1708 was released 3.5 years ago, so August 2017, yes so it's 3,5 years ago.
What about 7.8.2003 ? How to read 2003 ?
I've found this:
What about 7.8.2003 ? How to read 2003 ?
I've found this:
Thanks !Since minor versions of CentOS are point in time releases of a major branch, starting with CentOS-7, we are now using a date code in our minor versions. So you will see CentOS-7 (1406) or CentOS-7 (1503) as a version. This way anyone can know, from the release, when it happened. In the above examples, the minor versions 1406 means June 2014 and 1503 means March 2015. In older major branches of CentOS, such as CentOS-6, we numbered things differently
Re: confusion about CESA in CentOS
2003 is yymm, 2020-03
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke