CVE-2021-39275 patch availability

Support for security such as Firewalls and securing linux
Post Reply
tmandel
Posts: 8
Joined: 2022/01/25 13:38:52

CVE-2021-39275 patch availability

Post by tmandel » 2022/01/25 13:44:40

Hello folks,

RedHat provided a fix for the RCE allowed by the vulnerability CVE-2021-39275, on January 17th.

Do you know when the fix will be available on CentOS packages?

Regards,
Thelvaen Mandel

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-39275 patch availability

Post by TrevorH » 2022/01/25 14:26:15

It was missed and is being built.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

tmandel
Posts: 8
Joined: 2022/01/25 13:38:52

Re: CVE-2021-39275 patch availability

Post by tmandel » 2022/01/25 16:31:41

TrevorH wrote:
2022/01/25 14:26:15
It was missed and is being built.
Thanks :)

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-39275 patch availability

Post by TrevorH » 2022/01/25 17:32:11

I'm told that has been pushed live now. It'll be on the master server soon then going out to the various mirrors which can take anything from 30 mins to 30 hours (!) to catch up. Doing a yum clean all/yum update should accelerate the detection of the update.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

tmandel
Posts: 8
Joined: 2022/01/25 13:38:52

Re: CVE-2021-39275 patch availability

Post by tmandel » 2022/01/26 00:05:48

I can confirm that package a package named httpd-2.4.6-97.el7.centos.4.x86_64.rpm is indeed in the repository.

I'm assuming that the .centos.4 is equivalent to the el7_9.4, so it should indeed be the package fixing that CVE :)

Thanks for your help & support.
Regards,
Thelvaen

Post Reply