No see packages informations

Support for security such as Firewalls and securing linux
liberodark
Posts: 11
Joined: 2019/04/01 08:16:24

Re: No see packages informations

Post by liberodark » 2019/10/08 16:41:45


liberodark
Posts: 11
Joined: 2019/04/01 08:16:24

Re: No see packages informations

Post by liberodark » 2019/10/31 14:58:54

on issue on bug tracker Trevor reply this :

Code: Select all

CentOS has never included security errata in its yum repos. CentOS 7 didn't have it nor 5 or 6. If you need security related metadata in your yum repos then you need to run RHEL. 
But is not really true the security list is not integrated on CentOS 8 but CentOS 7 have security list.
Have sen mores exemples for proof have a big change on CentOS 8 no have security informations same as CentOS 7.
Simple test for everyone install cockpit :

Code: Select all

yum install -y cockpit cockpit-packagekit sos
systemctl enable --now cockpit.socket
firewall-cmd --permanent --zone=public --add-service=cockpit
firewall-cmd --reload
or

Code: Select all

yum install -y PackageKit
systemctl start packagekit.socket
pkcon get-update-detail systemd
or

Code: Select all

#!/bin/bash                                                                                                                                                                                                                                          
echo "+-------------------------+"                                                                                                                                                                                                                   
echo "|Security Advisories Count|"                                                                                                                                                                                                                   
echo "+-------------------------+"                                                                                                                                                                                                                   
for i in Important Moderate Low                                                                                                                                                                                                                      
do                                                                                                                                                                                                                                                   
sec=$(yum updateinfo list security installed | grep $i | wc -l)                                                                                                                                                                                      
echo "$i: $sec"                                                                                                                                                                                                                                      
done | column -t                                                                                                                                                                                                                                     
echo "+-------------------------+"  
Have send sreen and other security updates is not included now...
For what no have fix or inclusion ?

Best Regards

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: No see packages informations

Post by TrevorH » 2019/10/31 15:57:37

But is not really true the security list is not integrated on CentOS 8 but CentOS 7 have security list.
Try reading what I wrote again. We do not supply security metadata for ANY CentOS version. Not CentOS 8 or 7 or 6 or 5...
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

liberodark
Posts: 11
Joined: 2019/04/01 08:16:24

Re: No see packages informations

Post by liberodark » 2019/11/07 10:56:04

Ok but where is the bug if you have no security list .
Just explain me for what centos 7 have possibility to see informations.
And centos 8 no have this possibility.

Best Regards
Last edited by liberodark on 2019/11/07 12:54:30, edited 1 time in total.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: No see packages informations

Post by TrevorH » 2019/11/07 11:08:39

You are mistaken. Neither version has any security metadata. None. It does not work.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

liberodark
Posts: 11
Joined: 2019/04/01 08:16:24

Re: No see packages informations

Post by liberodark » 2019/11/07 12:56:35

This is very strange PackageKit have possibility to see informations.
And that work On Debian / Ubuntu / Red Hat / Fedora / Arch Linux / CentOS 7.
But On centos 8 no.
Possibly is a regression of package kit ?

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: No see packages informations

Post by TrevorH » 2019/11/07 14:40:13

Unfortunately I do not understand what you are talking about and it would appear that you don't understand what I'm saying either.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

sml
Posts: 305
Joined: 2020/01/17 09:01:44

Re: No see packages informations

Post by sml » 2020/03/04 16:27:54

Actually, you do get this information, but only on packages installed from EPEL, not from CentOS proper:

Code: Select all

$ dnf -q updateinfo list sec --installed
FEDORA-EPEL-2019-91575f0f26 Moderate/Sec. GraphicsMagick-1.3.34-1.el8.x86_64
FEDORA-EPEL-2020-0d2d3afda2 Moderate/Sec. ImageMagick-6.9.10.86-1.el8.x86_64
FEDORA-EPEL-2020-0d2d3afda2 Moderate/Sec. ImageMagick-doc-6.9.10.86-1.el8.x86_64
FEDORA-EPEL-2020-0d2d3afda2 Moderate/Sec. ImageMagick-libs-6.9.10.86-1.el8.x86_64
FEDORA-EPEL-2020-da5ff125c7 Moderate/Sec. git-merge-changelog-0-31.20200107git.el8.x86_64
FEDORA-EPEL-2020-da5ff125c7 Moderate/Sec. gnulib-devel-0-31.20200107git.el8.noarch
FEDORA-EPEL-2020-da5ff125c7 Moderate/Sec. gnulib-docs-0-31.20200107git.el8.noarch
FEDORA-EPEL-2019-288e46f2d9 Moderate/Sec. jhead-3.04-1.el8.x86_64
FEDORA-EPEL-2020-da06eb1ffa Low/Sec.      upx-3.96-1.el8.x86_64

Code: Select all

$ dnf -q updateinfo info --installed jhead
===============================================================================
  jhead-3.04-1.el8
===============================================================================
  Update ID: FEDORA-EPEL-2019-288e46f2d9
       Type: security
    Updated: 2020-03-02 20:23:05
       Bugs: 1765647 - Invalid read in function ReadJpegSections and process_SOFn
           : 1775098 - CVE-2019-19035 jhead: heap based over-read in ReadJpegSections and process_SOFn in jpgfile.c leads to denial of service
           : 1775100 - CVE-2019-19035 jhead: heap based over-read in ReadJpegSections and process_SOFn in jpgfile.c leads to denial of service [epel-all]
Description: updated to 3.04 (CVE-2019-19035)
   Severity: Moderate

Code: Select all

$ pkcon -p get-update-detail jhead | sed 1,/^Details/d
 Package: jhead-3.04-1.el8.x86_64
 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1775098, https://bugzilla.redhat.com/show_bug.cgi?id=1775100, https://bugzilla.redhat.com/show_bug.cgi?id=1765647
 Update text: updated to 3.04 (CVE-2019-19035)
 Changes:
 State: stable
 Issued:
 Updated:

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: No see packages informations

Post by TrevorH » 2020/03/04 17:46:51

Hence why I said "We do not supply security metadata for ANY CentOS version". EPEL is not a CentOS repo, it's a repo that happens to work on CentOS but it's not one that CentOS provides or supports.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

afewgoodman
Posts: 98
Joined: 2019/12/11 03:51:58

Re: No see packages informations

Post by afewgoodman » 2020/03/09 08:48:42

Hi TrevorH,

Is there no way to check CVE and security update for CentOS now?

It's just question.

BR.

Post Reply