CVE-2021-33909

Support for security such as Firewalls and securing linux
kilian
Posts: 14
Joined: 2015/05/27 01:05:56

CVE-2021-33909

Post by kilian » 2021/07/21 14:51:09

Hi!

I see that the kernel fix for CVE-2021-33909 (kernel-3.10.0-1160.36.2.el7, https://access.redhat.com/errata/RHSA-2021:2725) is not available in CentOS updates yet. What's the typical delay for inclusion in CentOS?

Thanks.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: CVE-2021-33909

Post by jlehtone » 2021/07/21 16:15:58

I guess it depends on size of build and severity.

If we look at the previous kernel release, 3.10.0-1160.31.1.el7
* 2021-06-08 RHEL announcement https://access.redhat.com/errata/RHSA-2021:2314
* 2021-06-14 CentOS release https://lists.centos.org/pipermail/cent ... 48337.html

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-33909

Post by TrevorH » 2021/07/21 16:33:21

It's building and likely to be released today/tomorrow.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

kilian
Posts: 14
Joined: 2015/05/27 01:05:56

Re: CVE-2021-33909

Post by kilian » 2021/07/21 16:37:29

Perfect, thanks!

DizzyNYC
Posts: 1
Joined: 2021/07/21 17:32:17

Re: CVE-2021-33909

Post by DizzyNYC » 2021/07/21 17:33:44

Is there a status page on the build progress?

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-33909

Post by TrevorH » 2021/07/21 18:46:39

In a word, no.

harrywangca
Posts: 107
Joined: 2016/01/12 23:27:04
Location: Vista California

Re: CVE-2021-33909

Post by harrywangca » 2021/07/27 04:56:04

I am running CentOS 7.6 1810 and I referred to:

https://lists.centos.org/pipermail/cent ... 48344.html
and
http://mirror.centos.org/centos/7/updat ... s/?C=M;O=D
to download:
bpftool-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.36.2.el7.noarch.rpm
kernel-debug-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-devel-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-doc-3.10.0-1160.36.2.el7.noarch.rpm
kernel-headers-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.36.2.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.36.2.el7.x86_64.rpm
perf-3.10.0-1160.36.2.el7.x86_64.rpm
python-perf-3.10.0-1160.36.2.el7.x86_64.rpm

Probably you also need:
linux-firmware 20200421-80.git78c0348.el7_9

Put them all together in a folder, then go to that folder and apply all the RPMs via: yes | yum --disablerepo=\* update ./*.rpm ;

It works! No vulnerability on my system now.

Good luck
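
A check for whether a CentOS 7 host is on the fixed kernel build named in this thread, added here as an example and not part of any post. The function names and status words are hypothetical; the comparison assumes plain el7 release strings (anything else reports unknown) and compares numeric fields only, not full RPM version ordering.

```shell
#!/bin/sh
# Added example (not from the thread): is an el7 host on the fixed kernel build?
FIXED_EL7="3.10.0-1160.36.2.el7"   # build named in the first post / RHSA-2021:2725

# kver_fields REL: "kernel-3.10.0-1160.36.2.el7.x86_64" -> "3 10 0 1160 36 2"
# Returns 2 for strings that are not plain numeric el-style releases.
kver_fields() {
    v=${1#kernel-}
    v=${v%%.el[0-9]*}                      # drop dist tag and arch
    case $v in ''|*[!0-9.-]*) return 2 ;; esac
    printf '%s\n' "$v" | tr '.-' '  '
}

# kver_ge A B: 0 if A >= B, 1 if A < B, 2 if either cannot be parsed.
kver_ge() {
    a=$(kver_fields "$1") || return 2
    b=$(kver_fields "$2") || return 2
    set -- $a                              # A's fields become $1..$n
    for y in $b; do
        x=${1:-0}                          # a missing field counts as 0
        [ $# -gt 0 ] && shift
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# kernel_status RUNNING NEWEST_INSTALLED: prints one status word.
kernel_status() {
    rc=0; kver_ge "$1" "$FIXED_EL7" || rc=$?
    case $rc in 0) echo fixed-running; return ;; 2) echo unknown; return ;; esac
    rc=0; kver_ge "$2" "$FIXED_EL7" || rc=$?
    case $rc in
        0) echo fixed-installed-reboot-needed ;;
        1) echo fixed-not-installed ;;
        *) echo unknown ;;
    esac
}

# Report on this machine only when it is running an el7 kernel.
case $(uname -r) in
*.el7*)
    newest=0
    for k in $(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n'); do
        kver_ge "$k" "$newest" && newest=$k
    done
    echo "running=$(uname -r) newest=$newest -> $(kernel_status "$(uname -r)" "$newest")"
    ;;
esac
```

A newly installed kernel package only takes effect after booting into it, which is why the running and installed versions are compared separately.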

harrywangca
Posts: 107
Joined: 2016/01/12 23:27:04
Location: Vista California

Re: CVE-2021-33909

Post by harrywangca » 2021/07/27 04:58:07

By the way, is there any rpm for this CVE-2021-33909 and CVE-2021-33910 for CentOS 8?

I am still looking for .......

Thanks.

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-33909

Post by TrevorH » 2021/07/27 15:19:10

harrywangca wrote:
I am running CentOS 7.6 1810 and I referred to :

Do not do this. Only 7.9 gets any support. By running 7.6 you are missing out on nearly 3 years of security patches.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: CVE-2021-33909

Post by jlehtone » 2021/07/27 19:06:54

harrywangca wrote:
2021/07/27 04:58:07
... CVE-2021-33909 and CVE-2021-33910 for CentOS 8?

Red Hat has published 2021-07-20:
https://access.redhat.com/security/cve/cve-2021-33909
https://access.redhat.com/security/cve/cve-2021-33910
Corresponding CentOS Linux 8 files are dated 20.7.--21.7.
