CVE-2021-40438

Support for security such as Firewalls and securing linux
User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-40438

Post by TrevorH » 2021/10/21 12:13:36

It's the 2nd of those two options.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

psingleton
Posts: 8
Joined: 2021/10/20 05:41:58

Re: CVE-2021-40438

Post by psingleton » 2021/10/22 04:55:06

Yeah, the clair scanner had identified that this particular version had an issue, it would help if the numbers were correctly incremented after each change, this is just bone idle not changing the number.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-40438

Post by TrevorH » 2021/10/22 15:43:53

No, you misunderstand the versioning. It is different for packages that are modified by CentOS rather than just plain rebuilds of RHEL packages. The same version number as RHEL cannot be used in that case. There is a wiki article somewhere explaining how and why this is done. It is a different version than the previous one so RHEL went from 2.4.6-97.el7 to 2.4.6-97.el7_9.1 and CentOS went from 2.4.6-97.el7.centos to 2.4.6-97.el7.centos.1 which is exactly the same sort of change that has been made since CentOS first came out. Packages that need debranding get their versions changed to include .centos. to show they are modified.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply