Centos 8 Security Advisories

[obaidr76]

Is there any link for Centos 8 that we can depend on to identify security advisories? Currently, we are unable to find advisories for CentOS 8. Can we assume the CVEs applicable for RHEL 8 along with the versions would be same for CentOS 8 as well? Are there any other links that we can depend on to identify the security issues on CentOS 8?

[TrevorH]

CentOS Linux 8 is a rebuild of RHEL 8 so will have all the same bugs and if it does not then it's a bug in itself.

[obaidr76]

so are the fixes available to Centos8 packages for the same vulnerability or they will be vulnerable? since the affected version for Red Hat 8 shows significantly different or higher. How are we supposed to know if a certain fix corresponds to certain advisory?

[secsh]

Was there any follow up on this? Interested to see how others are dealing with Centos 8 vulnerability scans. Looks like Nessus no long supports it due to this, and I was wondering if anyone else has a working solution?

[kluch]

Tenable Nessus NEVER supported testing patch management against Centos 8 (they claim it is supported but it is not truth). There was no plugin at all dedicated for Centos 8 because there are no announcements on centos announcement-list (it is silly but I received this info from support).
The only working solution (patch management) is Uyuni/Spacewalk with CEFS (http://cefs.steve-meier.de/). It will not scan but will show vulnerabilities if you have repositories syncronized and added CEFS erratas.