Hi Team,
I am unable to find the fix for CVE-2022-30123 for pcs in centos 7.9. Any help would be helpful.
CVE-2022-30123
Re: CVE-2022-30123
https://access.redhat.com/security/cve/CVE-2022-30123 says it was fixed in November 2022.
The rpm changelog does not explicitly mention the CVE number but I presume the comment about upgrading rubygem-rack is the one.
```
* Thu Oct 06 2022 Ivan Devat <idevat@redhat.com> - 0.9.169-3.el7_3.2
- Update rubygem rack
- Upgrade jquery in web-ui
- Resolves: rhbz#2099578 rhbz#2093232
```
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: CVE-2022-30123
As mentioned, the fix came in November 2022, but the last update shows Oct 2022. So not sure if the fix was applied for pcs.
Re: CVE-2022-30123
Fix dates often pre-date the announcement of the vulnerability and the fix. That's because some vulnerabilities are embargoed to allow everyone to line up all their ducks ready to release as soon as the problem is made public. If you read the bugzilla entry that is linked off the CVE page it shows the problem was reported 2022-06-21.
I've also checked the changelog on RHEL 7 using `yum changelog pcs --enablerepo=rhel-ha-for-rhel-7-server-rpms` and it is exactly the same as the current CentOS 7 version.
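An added example, not part of any post in this thread: a shell helper that looks through rpm changelog text for the entry carrying a fix, matching on either the CVE number or a Bugzilla id, since the changelog quoted above names only `rhbz#` references. The function names and the second sample entry are constructed for illustration; which bug id belongs to the CVE has to be read from the Bugzilla entry linked on the CVE page.

```shell
#!/bin/sh
# changelog_entries_matching PATTERN
# Reads `rpm -q --changelog <pkg>` style text on stdin and prints the header
# line ("* date packager - version-release") of every entry whose header or
# body matches the extended regex PATTERN.
changelog_entries_matching() {
    awk -v pat="$1" '
        function flush() { if (header != "" && hit) print header }
        /^\* / { flush(); header = $0; hit = 0 }   # a new entry starts
        header != "" && $0 ~ pat { hit = 1 }       # token seen in this entry
        END { flush() }
    '
}

# entry_version: reduce header lines on stdin to their version-release field.
entry_version() {
    awk '{ print $NF }'
}

# Constructed sample: the entry quoted in the thread, followed by one made-up
# older entry so the parser has more than one record to separate.
SAMPLE_CHANGELOG='* Thu Oct 06 2022 Ivan Devat <idevat@redhat.com> - 0.9.169-3.el7_3.2
- Update rubygem rack
- Upgrade jquery in web-ui
- Resolves: rhbz#2099578 rhbz#2093232

* Mon Jan 01 2018 Example Packager <packager@example.com> - 0.0.0-1.example
- Constructed entry, not from the real pcs changelog
- Resolves: rhbz#0000000'

# Searching by CVE number alone finds nothing in this changelog ...
printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_entries_matching 'CVE-2022-30123'

# ... while adding a bug id from the "Resolves:" line finds the build.
printf '%s\n' "$SAMPLE_CHANGELOG" |
    changelog_entries_matching 'CVE-2022-30123|rhbz#2099578' | entry_version

# On a live system the same check reads the installed package's changelog:
#   rpm -q --changelog pcs | changelog_entries_matching 'CVE-2022-30123|rhbz#2099578'
```

Comparing the printed version-release with the output of `rpm -q pcs` shows whether the installed build is at or past the entry that references the bug.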