CVE-2021-28041 Vulnerability in CentOS 7 (7.6.1810)
Hi,
I did not find any related link or topic about CVE-2021-28041 on the Red Hat website. I would appreciate it if somebody could tell me whether CentOS 7 is vulnerable. How can I mitigate it?
Re: CVE-2021-28041 Vulnerability in CentOS 7 (7.6.1810)
7.6 is unsupported and has been since the release of 7.7 in mid 2019.
yum update
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2021-28041 Vulnerability in CentOS 7 (7.6.1810)
Thanks for your reply. It seems to be a blank page, doesn't it?
Re: CVE-2021-28041 Vulnerability in CentOS 7 (7.6.1810)
It is not a blank page for me. Check your browser.
Red Hat wrote:
Statement
This issue doesn't affect any versions of OpenSSH packaged and shipped with Red Hat Enterprise Linux 6, 7 and 8. The issue was introduced in OpenSSH 8.2 while the most recent OpenSSH version available for Red Hat Enterprise Linux 8 is based on OpenSSH 8.0.
Re: CVE-2021-28041 Vulnerability in CentOS 7 (7.6.1810)
No - because we do not ship openssh 8, the copy of openssh shipped with CentOS 7 is openssh-server-7.4p1-21.el7.x86_64 and will most likely never get updated to an 8.x version.
Is it possible to install openssh 8.5 without internet access?
I am telling you that CentOS 7.6 is unsupported. It gets no updates other than "update to 7.9 which is the latest version".
I think it does not talk about even supported version.
If you look at the page that jlehtone pointed you to, it clearly says that no version of CentOS ships a copy of openssh that is vulnerable to this flaw.
This issue doesn't affect any versions of OpenSSH packaged and shipped with Red Hat Enterprise Linux 6, 7 and 8. The issue was introduced in OpenSSH 8.2 while the most recent OpenSSH version available for Red Hat Enterprise Linux 8 is based on OpenSSH 8.0.
Re: CVE-2021-28041 Vulnerability in CentOS 7 (7.6.1810)
Hi,
First of all, thanks for your reply. Second, I found the sentence below a little confusing. What are "previous versions"? Does it mean Red Hat versions before Red Hat Enterprise Linux 6, or before OpenSSH 8.0?
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.
Re: CVE-2021-28041 Vulnerability in CentOS 7 (7.6.1810)
Well since the RH page explicitly does say that all versions of openssh shipped with all versions of RHEL are unaffected...
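The check this thread arrives at, written out as an added example that is not part of any post above: it takes openssh package names in the form quoted in the thread (openssh-server-7.4p1-21.el7.x86_64) and compares the upstream version with 8.2, the release in which the quoted Red Hat statement says the issue was introduced. The function names and the sample package list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify openssh RPM names against the
# upstream release named in the quoted Red Hat statement (OpenSSH 8.2).
INTRO_MAJOR=8   # "The issue was introduced in OpenSSH 8.2"
INTRO_MINOR=2

# Print "major minor" of the upstream version embedded in an RPM name, e.g.
# openssh-server-7.4p1-21.el7.x86_64 -> "7 4". Prints nothing if no match.
upstream_version() {
    printf '%s\n' "$1" | sed -n \
      's/^openssh\(-[a-z][a-z]*\)*-\([0-9][0-9]*\)\.\([0-9][0-9]*\)[.0-9]*\(p[0-9][0-9]*\)\{0,1\}-.*$/\2 \3/p'
}

# predates-8.2 : upstream base is older than the release that introduced the flaw
# 8.2-or-later : base is in or after that release; check the vendor advisory,
#                since distributions backport fixes without changing the base
# unknown      : not an openssh package name this parser understands
classify() {
    ver=$(upstream_version "$1")
    if [ -z "$ver" ]; then echo "unknown"; return 0; fi
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -lt "$INTRO_MAJOR" ] ||
       { [ "$major" -eq "$INTRO_MAJOR" ] && [ "$minor" -lt "$INTRO_MINOR" ]; }; then
        echo "predates-8.2"
    else
        echo "8.2-or-later"
    fi
}

# Read one package name per line and print it with its classification.
report() {
    while IFS= read -r nvr; do
        printf '%-42s %s\n' "$nvr" "$(classify "$nvr")"
    done
}

# Constructed sample input; the first name is the one quoted in the thread.
# On a real host, feed the installed packages instead: rpm -qa 'openssh*' | report
report <<'EOF'
openssh-server-7.4p1-21.el7.x86_64
openssh-8.0p1-5.el8.x86_64
openssh-clients-8.2p1-1.example.x86_64
EOF
```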