CVE-2023-3899
Posted: 2023/09/15 08:07:06
by vvprasadj
Is the fix for CVE-2023-3899 already available for CentOS?
If so, what is the exact name of the rpm version?
I have python-syspurpose-1.24.52-2.el7.centos.x86_64 installed, but some scanner tools are reporting this as a vulnerability.
Re: CVE-2023-3899
Posted: 2023/09/15 10:14:43
by jlehtone
The
rpm -q --changelog python-syspurpose | grep -i cve shows nothing,
but
rpm -qi python-syspurpose tells:
Version : 1.24.52
Release : 2.el7.centos
Build Date : Wed 23 Aug 2023
The https://access.redhat.com/errata/RHSA-2023:4701 shows that on Tue 22 Aug 2023 Red Hat released errata that include the package python-syspurpose-1.24.52-2.el7_9.
Version "1.24.52-2" of the package, built after the RHEL 7 version "1.24.52-2" was released, is very likely equivalent content, i.e. with a fix included.
The latest changelog entry in the CentOS version of the package is after all:
* Tue Aug 08 2023 Jiri Hnidek <jhnidek@redhat.com> 1.24.52-2
- 2229752: Fix D-Bus policy (jhnidek@redhat.com)
and the CVE-2023-3899 is about D-Bus.
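
The reasoning in the reply above, written out as a check. This is an added example, not part of the original thread and not a CentOS or Red Hat tool. The function names, the epoch values (midnight UTC of the dates quoted in the thread) and the use of changelog bug 2229752 as the fix reference are assumptions.

```shell
#!/bin/sh
# Three signals from the reply: same version-release as the vendor's fixed
# package (dist tag ignored), built on or after the erratum date, and a
# changelog entry citing the fixing bug.

# Drop the dist tag (".el7.centos", ".el7_9", ...) from a version-release.
strip_dist() {
    printf '%s\n' "$1" | sed -E 's/\.el[0-9]+.*$//'
}

# assess VR BUILD_EPOCH CHANGELOG FIXED_VR ERRATUM_EPOCH BUG_ID
# Prints one line per signal; returns 0 only when all three hold.
assess() {
    vr=$1; built=$2; changelog=$3; fixed_vr=$4; erratum=$5; bug=$6
    rc=0
    if [ "$(strip_dist "$vr")" = "$(strip_dist "$fixed_vr")" ]; then
        echo "OK   version-release matches $fixed_vr"
    else
        echo "FAIL $vr does not match $fixed_vr"; rc=1
    fi
    if [ "$built" -ge "$erratum" ]; then
        echo "OK   built on or after the erratum"
    else
        echo "FAIL built before the erratum"; rc=1
    fi
    if printf '%s\n' "$changelog" | grep -qF -- "$bug"; then
        echo "OK   changelog cites $bug"
    else
        echo "FAIL changelog does not cite $bug"; rc=1
    fi
    return "$rc"
}

# Constructed sample built from the values quoted in the thread. The page gives
# dates only, so both epochs are midnight UTC of those dates.
SAMPLE_VR='1.24.52-2.el7.centos'
SAMPLE_BUILT=1692748800      # Wed 23 Aug 2023
SAMPLE_LOG='* Tue Aug 08 2023 Jiri Hnidek <jhnidek@redhat.com> 1.24.52-2
- 2229752: Fix D-Bus policy (jhnidek@redhat.com)'
FIXED_VR='1.24.52-2.el7_9'   # from RHSA-2023:4701
ERRATUM=1692662400           # Tue 22 Aug 2023
BUG=2229752                  # assumption: the changelog bug is the CVE fix

# On a live system the first three arguments would come from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}' python-syspurpose
#   rpm -q --qf '%{BUILDTIME}' python-syspurpose
#   rpm -q --changelog python-syspurpose
assess "$SAMPLE_VR" "$SAMPLE_BUILT" "$SAMPLE_LOG" "$FIXED_VR" "$ERRATUM" "$BUG"
```

A passing result supports the "very likely equivalent" conclusion; it does not prove the rebuilt package carries the same patch set.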