
Centos 7 patching

Posted: 2021/04/30 20:15:57
by dlh161
I am new to Linux. I work mainly in a Windows environment but I am eager to learn Linux.

I have a Centos-release-7.9.2009.1.e17.centos.x86_64.

Ran command - rpm -q centos-release to determine the release. What I am struggling with is updating the CVEs and some security fixes.
The yum plugin is installed. I ran yum update --security.
I ran yum update --cve 2020-14372. It replies with “no packages needed for security; 26 packages available.”
What am I doing wrong?

I need to update these.

Centos Linux: CVE-2020-14372: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-25632: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-25647: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-27749: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-27779: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2021-20225: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2021-20233: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2021-27363: Important: kernel-rt security and bug fix update (Multiple Advisories)
Centos Linux: CVE-2021-27364: Important: kpatch-patch security update (Multiple Advisories)
Centos Linux: CVE-2021-27365: Important: kpatch-patch security update (Multiple Advisories)

Re: Centos 7 patching

Posted: 2021/04/30 20:35:08
by TrevorH
yum security does not work on CentOS. There is no security metadata in the repos to allow it to function. You should treat all updates as potentially security related, especially since there will be no more point releases for CentOS 7, 7.9 is the latest and last. That means that all updates that come out potentially fix a security problem and should be treated as such until you have investigated and proved otherwise. Subscribe to the centos-announce mailing list and you will be mailed as updates are released and each mail has a link in it to the RHSA/RHBA/RHEA Red Hat announcement page telling you what it's about.

So, the short answer is: run yum update

Re: Centos 7 patching

Posted: 2021/05/03 14:00:00
by dlh161
Hello, I ran yum update. It did take care of the following:
Centos Linux: CVE-2021-27363: Important: kernel-rt security and bug fix update (Multiple Advisories)
Centos Linux: CVE-2021-27364: Important: kpatch-patch security update (Multiple Advisories)
Centos Linux: CVE-2021-27365: Important: kpatch-patch security update (Multiple Advisories)


How do I update the grub2 vulnerabilities?

Centos Linux: CVE-2020-14372: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-25632: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-25647: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-27749: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2020-27779: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2021-20225: Moderate: grub2 security update (Multiple Advisories)
Centos Linux: CVE-2021-20233: Moderate: grub2 security update (Multiple Advisories)

Re: Centos 7 patching

Posted: 2021/05/03 14:32:43
by sml
Those are older vulnerabilities that were taken care of in previous updates.

rpm -q --changelog grub2|egrep -w '14372|25632|25647|27749|27779|20225|20233'
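
The changelog check from the last reply, extended to report each CVE ID from a scanner finding individually (an added example, not part of the original thread). The function names `check_cves`, `audit_installed` and `sample_changelog` are hypothetical, and the sample changelog text is constructed so the script runs on a machine without rpm.

```shell
#!/bin/sh
# Added example: compare a scanner's CVE list against a package changelog.

# check_cves reads changelog text on stdin and prints "<CVE> fixed" or
# "<CVE> NOT-FOUND" for every CVE ID given as an argument.
# Returns 0 when every ID is mentioned, 1 otherwise.
check_cves() {
    changelog=$(cat)
    missing=0
    for cve in "$@"; do
        # -F: literal match; -w: whole word, so a shorter ID such as
        # CVE-2020-1437 does not match inside CVE-2020-14372.
        if printf '%s\n' "$changelog" | grep -qwF -- "$cve"; then
            echo "$cve fixed"
        else
            echo "$cve NOT-FOUND"
            missing=1
        fi
    done
    return "$missing"
}

# audit_installed PACKAGE CVE... runs the check against the changelog of the
# installed package. Returns 2 if the package is not installed.
audit_installed() {
    pkg=$1
    shift
    if ! rpm -q "$pkg" >/dev/null 2>&1; then
        echo "$pkg is not installed" >&2
        return 2
    fi
    rpm -q --changelog "$pkg" | check_cves "$@"
}

# Constructed changelog excerpt (not real grub2 output), for an offline run.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2021 Constructed Packager <pkg@example.invalid> - 0:0-0
- Constructed entry: fix CVE-2020-14372 CVE-2020-25632
- Resolves: CVE-2020-25647, CVE-2020-27749
EOF
}

# Offline demonstration on the constructed text.
sample_changelog | check_cves CVE-2020-14372 CVE-2021-20233 || true
```

On a CentOS host the equivalent call for the findings in this thread would be `audit_installed grub2 CVE-2020-14372 CVE-2020-25632` and so on; any ID reported as NOT-FOUND is one the installed build's changelog does not mention.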