Hello folks,
RedHat provided a fix for the RCE allowed by the vulnerability CVE-2021-39275, on January 17th.
Do you know when the fix will be available on CentOS packages?
Regards,
Thelvaen Mandel
CVE-2021-39275 patch availability
Re: CVE-2021-39275 patch availability
It was missed and is being built.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2021-39275 patch availability
I'm told that has been pushed live now. It'll be on the master server soon then going out to the various mirrors which can take anything from 30 mins to 30 hours (!) to catch up. Doing a yum clean all/yum update should accelerate the detection of the update.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2021-39275 patch availability
I can confirm that package a package named httpd-2.4.6-97.el7.centos.4.x86_64.rpm is indeed in the repository.
I'm assuming that the .centos.4 is equivalent to the el7_9.4, so it should indeed be the package fixing that CVE
Thanks for your help & support.
Regards,
Thelvaen
I'm assuming that the .centos.4 is equivalent to the el7_9.4, so it should indeed be the package fixing that CVE
Thanks for your help & support.
Regards,
Thelvaen