CVE-2021-4115 and polkit package
Posted: 2022/05/19 14:11:47
Hello,
Just wanted to kindly add a reminder that as of today, there is no CVE-2021-4115 fix for CentOS Stream 8, even if this has been fixed in RHEL 8 and other clones like Rocky Linux and AlmaLinux for some time now.
As you can see from this link https://access.redhat.com/errata/RHSA-2022:1546, the CVE-2021-4115 has been fixed in polkit-0.115-13.el8_5.2. However for CentOS Stream 8, the latest polkit package is polkit-0.115-13.el8_5.1 (5.1 instead of 5.2), as can be seen from the list of packages here http://mirror.centos.org/centos/8-strea ... /Packages/.
Any clue how long is Red Hat planning to keep the CentOS Stream 'behind' the RHEL 8? My understanding is that CentOS Stream should be ahead of RHEL 8, but is not according to this. Or am I looking in the wrong places to the correct packages?
Thanks,
Adrian
Just wanted to kindly add a reminder that as of today, there is no CVE-2021-4115 fix for CentOS Stream 8, even if this has been fixed in RHEL 8 and other clones like Rocky Linux and AlmaLinux for some time now.
As you can see from this link https://access.redhat.com/errata/RHSA-2022:1546, the CVE-2021-4115 has been fixed in polkit-0.115-13.el8_5.2. However for CentOS Stream 8, the latest polkit package is polkit-0.115-13.el8_5.1 (5.1 instead of 5.2), as can be seen from the list of packages here http://mirror.centos.org/centos/8-strea ... /Packages/.
Any clue how long is Red Hat planning to keep the CentOS Stream 'behind' the RHEL 8? My understanding is that CentOS Stream should be ahead of RHEL 8, but is not according to this. Or am I looking in the wrong places to the correct packages?
Thanks,
Adrian