No see packages informations
-
- Posts: 11
- Joined: 2019/04/01 08:16:24
Re: No see packages informations
Have open issue on redhat :
https://bugzilla.redhat.com/show_bug.cgi?id=1759565
Have open issue on centos :
https://bugs.centos.org/view.php?id=16560
https://bugzilla.redhat.com/show_bug.cgi?id=1759565
Have open issue on centos :
https://bugs.centos.org/view.php?id=16560
-
- Posts: 11
- Joined: 2019/04/01 08:16:24
Re: No see packages informations
on issue on bug tracker Trevor reply this :
But is not really true the security list is not integrated on CentOS 8 but CentOS 7 have security list.
Have sen mores exemples for proof have a big change on CentOS 8 no have security informations same as CentOS 7.
Simple test for everyone install cockpit :
or
or
Have send sreen and other security updates is not included now...
For what no have fix or inclusion ?
Best Regards
Code: Select all
CentOS has never included security errata in its yum repos. CentOS 7 didn't have it nor 5 or 6. If you need security related metadata in your yum repos then you need to run RHEL.
Have sen mores exemples for proof have a big change on CentOS 8 no have security informations same as CentOS 7.
Simple test for everyone install cockpit :
Code: Select all
yum install -y cockpit cockpit-packagekit sos
systemctl enable --now cockpit.socket
firewall-cmd --permanent --zone=public --add-service=cockpit
firewall-cmd --reload
Code: Select all
yum install -y PackageKit
systemctl start packagekit.socket
pkcon get-update-detail systemd
Code: Select all
#!/bin/bash
echo "+-------------------------+"
echo "|Security Advisories Count|"
echo "+-------------------------+"
for i in Important Moderate Low
do
sec=$(yum updateinfo list security installed | grep $i | wc -l)
echo "$i: $sec"
done | column -t
echo "+-------------------------+"
For what no have fix or inclusion ?
Best Regards
Re: No see packages informations
Try reading what I wrote again. We do not supply security metadata for ANY CentOS version. Not CentOS 8 or 7 or 6 or 5...But is not really true the security list is not integrated on CentOS 8 but CentOS 7 have security list.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 11
- Joined: 2019/04/01 08:16:24
Re: No see packages informations
Ok but where is the bug if you have no security list .
Just explain me for what centos 7 have possibility to see informations.
And centos 8 no have this possibility.
Best Regards
Just explain me for what centos 7 have possibility to see informations.
And centos 8 no have this possibility.
Best Regards
Last edited by liberodark on 2019/11/07 12:54:30, edited 1 time in total.
Re: No see packages informations
You are mistaken. Neither version has any security metadata. None. It does not work.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 11
- Joined: 2019/04/01 08:16:24
Re: No see packages informations
This is very strange PackageKit have possibility to see informations.
And that work On Debian / Ubuntu / Red Hat / Fedora / Arch Linux / CentOS 7.
But On centos 8 no.
Possibly is a regression of package kit ?
And that work On Debian / Ubuntu / Red Hat / Fedora / Arch Linux / CentOS 7.
But On centos 8 no.
Possibly is a regression of package kit ?
Re: No see packages informations
Unfortunately I do not understand what you are talking about and it would appear that you don't understand what I'm saying either.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: No see packages informations
Actually, you do get this information, but only on packages installed from EPEL, not from CentOS proper:
Code: Select all
$ dnf -q updateinfo list sec --installed
FEDORA-EPEL-2019-91575f0f26 Moderate/Sec. GraphicsMagick-1.3.34-1.el8.x86_64
FEDORA-EPEL-2020-0d2d3afda2 Moderate/Sec. ImageMagick-6.9.10.86-1.el8.x86_64
FEDORA-EPEL-2020-0d2d3afda2 Moderate/Sec. ImageMagick-doc-6.9.10.86-1.el8.x86_64
FEDORA-EPEL-2020-0d2d3afda2 Moderate/Sec. ImageMagick-libs-6.9.10.86-1.el8.x86_64
FEDORA-EPEL-2020-da5ff125c7 Moderate/Sec. git-merge-changelog-0-31.20200107git.el8.x86_64
FEDORA-EPEL-2020-da5ff125c7 Moderate/Sec. gnulib-devel-0-31.20200107git.el8.noarch
FEDORA-EPEL-2020-da5ff125c7 Moderate/Sec. gnulib-docs-0-31.20200107git.el8.noarch
FEDORA-EPEL-2019-288e46f2d9 Moderate/Sec. jhead-3.04-1.el8.x86_64
FEDORA-EPEL-2020-da06eb1ffa Low/Sec. upx-3.96-1.el8.x86_64
Code: Select all
$ dnf -q updateinfo info --installed jhead
===============================================================================
jhead-3.04-1.el8
===============================================================================
Update ID: FEDORA-EPEL-2019-288e46f2d9
Type: security
Updated: 2020-03-02 20:23:05
Bugs: 1765647 - Invalid read in function ReadJpegSections and process_SOFn
: 1775098 - CVE-2019-19035 jhead: heap based over-read in ReadJpegSections and process_SOFn in jpgfile.c leads to denial of service
: 1775100 - CVE-2019-19035 jhead: heap based over-read in ReadJpegSections and process_SOFn in jpgfile.c leads to denial of service [epel-all]
Description: updated to 3.04 (CVE-2019-19035)
Severity: Moderate
Code: Select all
$ pkcon -p get-update-detail jhead | sed 1,/^Details/d
Package: jhead-3.04-1.el8.x86_64
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1775098, https://bugzilla.redhat.com/show_bug.cgi?id=1775100, https://bugzilla.redhat.com/show_bug.cgi?id=1765647
Update text: updated to 3.04 (CVE-2019-19035)
Changes:
State: stable
Issued:
Updated:
Re: No see packages informations
Hence why I said "We do not supply security metadata for ANY CentOS version". EPEL is not a CentOS repo, it's a repo that happens to work on CentOS but it's not one that CentOS provides or supports.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 98
- Joined: 2019/12/11 03:51:58
Re: No see packages informations
Hi TrevorH,
Is there no way to check CVE and security update for CentOS now?
It's just question.
BR.
Is there no way to check CVE and security update for CentOS now?
It's just question.
BR.