A fix for CVE-2023-35788 (vulnerable kernel 3.10.0-1160.95.1.el7) was released for RHEL 7 on 29 August 2023.
This is not yet available for CentOS.
Does the next batch of updates for CentOS 7 contain a fix for this?
Regards,
Prasad.
CVE-2023-35788
Re: CVE-2023-35788
There is a batch of updates pending from last week that include:
kernel kernel-rt thunderbird ipa 389-ds-base net-snmp scap-security-guide samba ibus strace cups
I have pinged the maintainer to get them built if they're not already in progress.
If you are concerned about this CVE and do not currently use the affected module then you could blacklist it and be safe that way. That's /usr/lib/modules/3.10.0-1160.95.1.el7.x86_64/kernel/net/sched/cls_flower.ko.xz in the current kernel.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
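The module block suggested in the reply above, sketched as an added example that is not part of the original thread. The configuration file name `disable-cls_flower.conf` and the function names are assumptions. The functions take the module list and the modprobe.d directory as arguments so they can be tried on copies first.

```shell
#!/bin/sh
# Added example (not from the thread): keep cls_flower from loading until
# the fixed kernel is installed. Run with --apply as root to act on the host.
MODULE=cls_flower

# Succeeds if the module is listed in a /proc/modules-format file ($1).
module_loaded() {
    awk -v m="$MODULE" '$1 == m { found = 1 } END { exit !found }' \
        "${1:-/proc/modules}"
}

# Succeeds if some *.conf in the modprobe.d directory ($1) already
# overrides loading of the module with an "install" rule.
module_blocked() {
    grep -Eqs "^[[:space:]]*install[[:space:]]+$MODULE[[:space:]]+/bin/(false|true)" \
        "${1:-/etc/modprobe.d}"/*.conf
}

# Writes the block rules into the modprobe.d directory ($1).
write_block() {
    conf="${1:-/etc/modprobe.d}/disable-$MODULE.conf"  # assumed file name
    {
        echo "# Mitigation for CVE-2023-35788 until the fixed kernel is installed"
        # "blacklist" only suppresses alias-based autoloading ...
        echo "blacklist $MODULE"
        # ... so also make an explicit "modprobe cls_flower" fail.
        echo "install $MODULE /bin/false"
    } > "$conf"
}

# $1: module list, $2: modprobe.d directory. Prints "loaded" and fails if
# the module is already resident (something on the host has used it, so
# review before unloading); otherwise ensures the block and prints "blocked".
mitigate() {
    if module_loaded "$1"; then
        echo "loaded"
        return 1
    fi
    module_blocked "$2" || write_block "$2"
    echo "blocked"
}

if [ "${1:-}" = "--apply" ]; then
    mitigate /proc/modules /etc/modprobe.d
fi
```

Once the updated kernel is installed and booted, delete the generated file to restore normal module loading.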
Re: CVE-2023-35788
Thanks TrevorH,
I see kernel version 3.10.0-1160.99.1.el7 is available from CentOS repos today.
Re: CVE-2023-35788
Yes, they were pushed to the mirrors earlier and are just showing up on the public ones now.