Can RHSA package/version information be applied to CentOS?
For example: if an RHSA says it fixes CVE-2016-4998 with the package kernel-2.6.32-642.13.1.el6.i686.rpm, would a CentOS package of the same name also carry the fix for the same CVE within CentOS?
I think I’ve proven to myself that in this specific example that it does. However, I’m not confident that this is true across all CentOS packages that are also seen in RHEL.
RHSA applicability to CentOS
Re: RHSA applicability to CentOS
Yes. The fixes that come out from RH are all rebuilt as-is by CentOS so any fix included in the RH package is then in the CentOS one. However... the CentOS project does not explicitly test if what RH says is fixed really is fixed.
You can read the rpm changelog to check. CVE numbers should always be in there - e.g. rpm -q --changelog kernel-2.6.32-642.13.1.el6 | grep CVE-2016-4998
Even the CESA errata numbers are the same - s/RHSA-yyyy-nnnn/CESA-yyyy-nnnn/
You can read the rpm changelog to check. CVE numbers should always be in there - e.g. rpm -q --changelog kernel-2.6.32-642.13.1.el6 | grep CVE-2016-4998
Even the CESA errata numbers are the same - s/RHSA-yyyy-nnnn/CESA-yyyy-nnnn/
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke