Page 2 of 2
Re: CVE-2023-38408 in 8-Stream
Posted: 2023/08/27 14:55:50
by TrevorH
No, only 8.8 released a fix for this. The other things listed there are all extra cost items that you have to pay for in order to receive updates.
In nay case, that is RHEL not CentOS. CentOS died nearly 2 years ago and there have benn zero updates for it since then. You cannot compare RHEL which is a pay-for subscription based service that Red Hat sell in order to make money with CentOS which is was a community supported rebuild of the sources used to build RHEL. The latest and last, final version of CentOS Linux 8 was 8.5 in late 2021. There have been no updates to it since that time and there will be no more updates to it.
Re: CVE-2023-38408 in 8-Stream
Posted: 2023/08/28 01:29:51
by chan15
TrevorH wrote: ↑2023/08/27 14:55:50
No, only 8.8 released a fix for this. The other things listed there are all extra cost items that you have to pay for in order to receive updates.
In nay case, that is RHEL not CentOS. CentOS died nearly 2 years ago and there have benn zero updates for it since then. You cannot compare RHEL which is a pay-for subscription based service that Red Hat sell in order to make money with CentOS which
is was a community supported rebuild of the sources used to build RHEL. The latest and last, final version of CentOS Linux 8 was 8.5 in late 2021. There have been no updates to it since that time and there will be no more updates to it.
Thank you for your response! I was wondering if you could recommend either AlmaLinux or RockyLinux to me.
Re: CVE-2023-38408 in 8-Stream
Posted: 2023/08/28 07:57:43
by jlehtone
The AlmaLinux and Rocky Linux did start almost identical; both aimed for bug-for-bug compatibility (with EL). The difference was in how each project is governed.
Due to June 2023 events AlmaLinux has shifted to ABI-compatibility. Whether that has any practical consequences remains to be seen.
Likewise, it remains to be seen how sustainable are the ways that Rocky uses now to fetch sources for their builds.
It has been and probably continues to be relatively trivial to switch between those distros, should a need arise.
TrevorH wrote: ↑2023/08/27 14:55:50
No, only 8.8 released a fix for this. The other things listed there are all extra cost items that you have to pay for in order to receive updates.
https://access.redhat.com/support/polic ... ning_Guide describes what RHEL support offers does Red Hat have.
I would not call
{8.1 SAP, 8.2 SAP, 8.4 SAP, 8.6 EUS, 8.8} "all", when
{8.0, 8.3, 8.5, 8.7} are not on the list.
Re: CVE-2023-38408 in 8-Stream
Posted: 2023/09/07 15:48:19
by megabreit
FYI: I created a bugzilla for this issue and there was a fix released a few days later.
Check for openssh-8.0p1-19.el8.x86_64
Re: CVE-2023-38408 in 8-Stream
Posted: 2023/09/07 16:16:18
by TrevorH
Did anyone ever acknowledge or do anything with the bugzilla?