Centos 7 patching

Support for security such as Firewalls and securing linux
dlh161
Posts: 2
Joined: 2021/04/30 19:10:36

Centos 7 patching

Post by dlh161 » 2021/04/30 20:15:57

I am new to Linux. I work mainly in a Windows environment but I am eager to learn Linux.

I have a Centos-release-7.9.2009.1.e17.centos.x86_64.

Ran command - rpm -q centos-release to determine the release. What I am struggling with is updating the CVEs and some security fixes.
The yum plugin is installed. I ran yum update --security.
I ran yum update --cve 2020-14372. It replies with “no packages needed for security; 26 packages available.”
What am I doing wrong?

I need to update these.

Centos Linux: CVE-2020-14372: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-25632: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-25647: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-27749: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-27779: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2021-20225: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2021-20233: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2021-27363: Important: kernel-rt security and bug fix update (Multiple Advisories)
Centos Linux: CVE-2021-27364: Important: kpatch-patch security update (Multiple Advisories)
Centos Linux: CVE-2021-27365: Important: kpatch-patch security update (Multiple Advisories)

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Centos 7 patching

Post by TrevorH » 2021/04/30 20:35:08

yum security does not work on CentOS. There is no security metadata in the repos to allow it to function. You should treat all updates as potentially security related, especially since there will be no more point releases for CentOS 7, 7.9 is the latest and last. That means that all updates that come out potentially fix a security problem and should be treated as such until you have investigated and proved otherwise. Subscribe to the centos-announce mailing list and you will be mailed as updates are released and each mail has a link in it to the RHSA/RHBA/RHEA Red Hat announcement page telling you what it's about.

So, the short answer is: run yum update
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

dlh161
Posts: 2
Joined: 2021/04/30 19:10:36

Re: Centos 7 patching

Post by dlh161 » 2021/05/03 14:00:00

Hello, I ran yum update. It did take care of the following:
Centos Linux: CVE-2021-27363: Important: kernel-rt security and bug fix update (Multiple Advisories)
Centos Linux: CVE-2021-27364: Important: kpatch-patch security update (Multiple Advisories)
Centos Linux: CVE-2021-27365: Important: kpatch-patch security update (Multiple Advisories)


How do I update the grub2 vulnerabilities?

Centos Linux: CVE-2020-14372: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-25632: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-25647: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-27749: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-27779: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2021-20225: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2021-20233: Moderate: grub2 security update (Multiple Advisories)

sml
Posts: 305
Joined: 2020/01/17 09:01:44

Re: Centos 7 patching

Post by sml » 2021/05/03 14:32:43

Those are older vulnerabilities that were taken care of in previous updates.

Code:

rpm -q --changelog grub2|egrep -w '14372|25632|25647|27749|27779|20225|20233'
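
Added example, not part of the thread: a POSIX shell helper that applies the changelog check above to a scanner's CVE list, matching each full CVE ID as a whole word so that an unrelated number in the changelog is not counted as a fix. The names cve_status, sample_changelog and cve_check.sh are assumptions, and the sample changelog is constructed, not real grub2 output.

```shell
#!/bin/sh
# Check an RPM changelog (stdin) for full CVE IDs given as arguments.
# On a CentOS host (hypothetical file name cve_check.sh):
#   rpm -q --changelog grub2 | sh cve_check.sh CVE-2020-14372 CVE-2020-25632

# Prints "<id> fixed", "<id> NOT-FOUND" or "<id> INVALID" for each argument.
# Returns 0 only when every ID is well formed and present in the changelog.
cve_status() {
    cs_log=$(cat)          # read the whole changelog once
    cs_rc=0
    for cs_id in "$@"; do
        # Reject typos first, so a malformed ID is not reported as unpatched.
        if ! printf '%s\n' "$cs_id" | grep -Eqx 'CVE-[0-9]{4}-[0-9]{4,}'; then
            echo "$cs_id INVALID"; cs_rc=1; continue
        fi
        # -F literal, -w whole word: CVE-2020-1437 must not match CVE-2020-14372.
        if printf '%s\n' "$cs_log" | grep -qwF -- "$cs_id"; then
            echo "$cs_id fixed"
        else
            echo "$cs_id NOT-FOUND"; cs_rc=1
        fi
    done
    return "$cs_rc"
}

# Constructed sample in rpm changelog layout (not real grub2 output).
sample_changelog() {
    cat <<'EOF'
* Fri Jan 01 2021 Example Packager <pkg@example.com> - 0.0-0.example2
- Fix several security issues
- Resolves: CVE-2020-14372
- Resolves: CVE-2020-25632 (CVE-2020-25647)
* Tue Dec 01 2020 Example Packager <pkg@example.com> - 0.0-0.example1
- Unrelated change, tracker id 20233
EOF
}

if [ "$#" -gt 0 ]; then
    cve_status "$@"        # real use: changelog arrives on stdin
else
    # No arguments: demo run against the constructed sample.
    sample_changelog | cve_status CVE-2020-14372 CVE-2021-20233 || true
fi
```

A NOT-FOUND result means only that the installed package's changelog does not name that ID; the non-zero exit status lets a patch-verification job flag the host for follow-up.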
