CVE-2018-8897

Support for security such as Firewalls and securing linux
Post Reply
kilian
Posts: 14
Joined: 2015/05/27 01:05:56

CVE-2018-8897

Post by kilian » 2018/05/09 18:27:09

I'm curious about the status of kernel fixes for CVE-2018-8897 (POP SS) in CentOS, given that:
1. RHEL 7.5 is out, and RHEL 7.4 is moved to Extended Update Support (meaning that updated kernel packages won't make their way into CentOS 7.4)
2. CentOS 7.5 is not released yet, meaning that the RHEL 7.5 kernel fixes are not available yet.

I'm wondering about the specific case of CVE-2018-8897, but more broadly, is there some sort of time gap when a new RHEL version is released, during which security updates are not available to CentOS users?

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: CVE-2018-8897

Post by jlehtone » 2018/05/09 20:07:12

A new, 7.5's kernel can already be installed from the cr repository.

Yes, there is usually slight delay before the cr repo is populated after a RHEL release.

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: CVE-2018-8897

Post by avij » 2018/05/09 20:22:25

https://wiki.centos.org/AdditionalResou ... itories/CR describes the problem and the solution.

Post Reply