Page 1 of 1

Centos 8 Security Advisories

Posted: 2020/09/24 04:39:55
by obaidr76
Is there any link for Centos 8 that we can depend on to identify security advisories? Currently, we are unable to find advisories for CentOS 8. Can we assume the CVEs applicable for RHEL 8 along with the versions would be same for CentOS 8 as well? Are there any other links that we can depend on to identify the security issues on CentOS 8?

Re: Centos 8 Security Advisories

Posted: 2020/09/24 07:04:18
by TrevorH
CentOS Linux 8 is a rebuild of RHEL 8 so will have all the same bugs and if it does not then it's a bug in itself.

Re: Centos 8 Security Advisories

Posted: 2020/09/25 09:20:31
by obaidr76
so are the fixes available to Centos8 packages for the same vulnerability or they will be vulnerable? since the affected version for Red Hat 8 shows significantly different or higher. How are we supposed to know if a certain fix corresponds to certain advisory?

Re: Centos 8 Security Advisories

Posted: 2020/11/30 08:49:25
by secsh
Was there any follow up on this? Interested to see how others are dealing with Centos 8 vulnerability scans. Looks like Nessus no long supports it due to this, and I was wondering if anyone else has a working solution?

Re: Centos 8 Security Advisories

Posted: 2021/01/27 13:42:08
by kluch
Tenable Nessus NEVER supported testing patch management against Centos 8 (they claim it is supported but it is not truth). There was no plugin at all dedicated for Centos 8 because there are no announcements on centos announcement-list (it is silly but I received this info from support).
The only working solution (patch management) is Uyuni/Spacewalk with CEFS (http://cefs.steve-meier.de/). It will not scan but will show vulnerabilities if you have repositories syncronized and added CEFS erratas.