CVE-2023-35788

Support for security such as Firewalls and securing linux
vvprasadj
Posts: 7
Joined: 2023/07/28 17:12:44

CVE-2023-35788

Post by vvprasadj » 2023/09/06 14:51:54

The fix for CVE-2023-35788 (vulnerable kernel 3.10.0-1160.95.1.el7) was released for RHEL 7 on 29 August 2023.
It is not yet available for CentOS.
Does the next batch of updates for CentOS 7 contain the fix for this?

Regards,
Prasad.

TrevorH
Site Admin
Posts: 33222
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2023-35788

Post by TrevorH » 2023/09/06 17:46:25

There is a batch of updates pending from last week that includes:

kernel kernel-rt thunderbird ipa 389-ds-base net-snmp scap-security-guide samba ibus strace cups

I have pinged the maintainer to get them built if they're not already in progress.

If you are concerned about this CVE and do not currently use the affected module then you could blacklist it and be safe that way. That's /usr/lib/modules/3.10.0-1160.95.1.el7.x86_64/kernel/net/sched/cls_flower.ko.xz in the current kernel.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
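
The blacklisting suggested in the post above, as an added example that is not part of the original thread: a POSIX shell script that reports whether `cls_flower` is loaded, blocked or still loadable, and writes a modprobe.d rule. The function names and the `cls_flower-block.conf` file name are assumptions; it adds an `install cls_flower /bin/false` line because a `blacklist` line alone only stops alias-based autoloading.

```shell
#!/bin/sh
# Added example (not from the thread): check and block loading of cls_flower.
# Function names and the conf file name are assumptions made for illustration.
MOD=cls_flower

# Return 0 if the module is listed in a /proc/modules-format file.
mod_loaded() {
    grep -q "^${MOD} " "$1" 2>/dev/null
}

# Return 0 if any *.conf in the directory maps the module to /bin/false or
# /bin/true with an "install" rule, which stops loads by name as well.
mod_blocked() {
    grep -Eqs "^[[:space:]]*install[[:space:]]+${MOD}[[:space:]]+/bin/(false|true)" \
        "$1"/*.conf
}

# Write both rules: "blacklist" ignores the module's aliases,
# "install" makes an explicit "modprobe cls_flower" fail.
write_block() {
    printf 'blacklist %s\ninstall %s /bin/false\n' "$MOD" "$MOD" \
        > "$1/${MOD}-block.conf"
}

# Print one of: loaded | blocked | loadable
mod_status() {
    if mod_loaded "$1"; then
        echo loaded
    elif mod_blocked "$2"; then
        echo blocked
    else
        echo loadable
    fi
}

# Read-only report for the running system, using the default paths.
echo "${MOD}: $(mod_status /proc/modules /etc/modprobe.d)"

# To apply the block (as root): write_block /etc/modprobe.d
```

A result of `loaded` means the rule only takes effect once the module is unloaded or the host is rebooted.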

vvprasadj
Posts: 7
Joined: 2023/07/28 17:12:44

Re: CVE-2023-35788

Post by vvprasadj » 2023/09/21 16:28:17

Thanks TrevorH,
I see kernel version 3.10.0-1160.99.1.el7 is available from CentOS repos today.

TrevorH
Site Admin
Posts: 33222
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2023-35788

Post by TrevorH » 2023/09/21 17:38:41

Yes, they were pushed to the mirrors earlier and are just showing up on the public ones now.
