Page 1 of 1

kernel security updates for SACK blocks & co

Posted: 2019/06/18 12:03:46
by maksimov_d
Hello

I would like to know when the kernel security updates for CentOS 6.x become available, which cover vulnerabilities:
  • CVE-2019-3896
  • CVE-2019-11477
  • CVE-2019-11478
  • CVE-2019-11479
For Red Hat, new packages have already been released and are available:
- https://access.redhat.com/errata/RHSA-2019:1488: kernel-2.6.32-754.15.3.el6.x86_64.rpm

While in the repository for CentOS 6, the latest available version of the package:
- http://mirror.centos.org/centos/6/updat ... /Packages/: kernel-2.6.32-754.14.2.el6.x86_64.rpm

Can you please tell what time it takes to prepare new packages and update the repository for CentOS 6?

Re: kernel security updates for SACK blocks & co

Posted: 2019/06/18 15:34:31
by TrevorH
CentOS doesn't get access to the source until Redhat release the binary packages for RHEL. They then have to be rebuilt, tested, signed, tested again and released. Usual ETA for updates is between a few hours and days depending on what problems occur during the rebuild, what things need to be tested and what, if anything, fails.

Re: kernel security updates for SACK blocks & co

Posted: 2019/06/24 18:54:26
by SeijiSensei
I updated my CentOS 6.10 system today and now have kernel 2.6.32-754.15.3.el6.x86_64. Given that it's the same version number as the article describes for RedHat, I assume this kernel has been patched. Is that correct?

Re: kernel security updates for SACK blocks & co

Posted: 2019/06/24 18:56:40
by TrevorH
CentOS packages always match the upstream versions if the package has not been modified by CentOS. Except kernels which always match version numbers even if they are modified by CentOS. So, yes.