Hello
I have a question because I can't find an answer on the internet.
Does CentOS have problems with security holes such as Red Hat has? I have in mind the problem with java-openjdk-1.8.0 (CVE-2021-35556 CVE-2021-35559 CVE-2021-35560 CVE-2021-35564 CVE-2021-35565 CVE-2021-35578 CVE-2021-35586 CVE-2021-41035).
If I update Java to version 1.8.0-312, will the problem disappear?
CentOS java-1.8.0-openjdk security
Re: CentOS java-1.8.0-openjdk security
According to Red Hat, the last on that list (CVE-2021-41035) does affect package 'java-1.8.0-ibm', which CentOS does not have. https://access.redhat.com/security/cve/cve-2021-41035
CVE-2021-35586 was fixed in RHEL package 'java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9' https://access.redhat.com/security/cve/cve-2021-35586
(The others I did not check.)
CentOS Linux builds binary packages from the sources of RHEL packages that Red Hat makes public.
If RHEL 7 was affected by a security issue and Red Hat did release a fix, then CentOS Linux gets it too, if you do sudo yum update.
The current version in CentOS Linux 7 for 'java-1.8.0-openjdk' is: 1.8.0.312.b07-1.el7_9.
"If I update" ... the question is, why have you not updated all packages as soon as newer versions become available in CentOS repositories?
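A fleet check for the fixed build named in this reply, added here as an example and not part of the original thread. The host names and inventory lines are constructed, and GNU `sort -V` is used as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: find hosts still below the fixed java-1.8.0-openjdk build.
# Collect one "host version-release" line per server, for instance with
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' java-1.8.0-openjdk
# run on each host (the collection step is assumed, not shown).

# Fixed build quoted in the reply above for CVE-2021-35586 on EL7.
FIXED="1.8.0.312.b07-1.el7_9"

# is_patched VERSION-RELEASE: succeeds when the argument is >= FIXED.
# Assumption: GNU `sort -V` stands in for RPM's own version comparison,
# which is adequate for these dotted numeric builds in one el7_9 stream.
is_patched() {
    [ "$1" = "$FIXED" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# unpatched_hosts: reads "host version-release" lines on stdin and prints
# the hosts that still need `sudo yum update`.
unpatched_hosts() {
    while read -r host vr; do
        [ -n "$host" ] || continue
        case "$vr" in
            ""|*"not installed"*) continue ;;  # package absent: nothing to patch
        esac
        is_patched "$vr" || printf '%s\n' "$host"
    done
}

# Constructed sample inventory (hypothetical hosts, not from the thread).
SAMPLE_INVENTORY='web01 1.8.0.312.b07-1.el7_9
web02 1.8.0.302.b08-0.el7_9
db01 package java-1.8.0-openjdk is not installed
app01 1.8.0.292.b10-1.el7_9'

printf '%s\n' "$SAMPLE_INVENTORY" | unpatched_hosts
```

The comparison ignores the package epoch, so it is only meaningful between builds of the same package from the same repository stream.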
Re: CentOS java-1.8.0-openjdk security
You are right.
I don't know why I looked at java-1.8.0-ibm instead of java-1.8.0-openjdk.
The first time I looked correctly, but the second time I looked wrong, hence my question.
Why didn't I update after the new version was released? Because there are too many servers, but thank you for the answer and help.