CentOS

Hello all,

usually security advisories were posted here every month: https://lists.centos.org/pipermail/centos-announce/. It looks like there are no updates since April 2023. Is there a new website where I can find updated security advisories for CentOS 7?

Many thanks!
Modnar

The patches should be available as I try to chase anything that is missing for CentOS 7 to get it built. The announcements are a secondary problem and I will ask to see if they are missing.

Thank you very much!

TrevorH wrote: ↑

2023/07/10 11:26:47

The patches should be available as I try to chase anything that is missing for CentOS 7 to get it built. The announcements are a secondary problem and I will ask to see if they are missing.

Hi TravorH,
The lack of annoucements is making very hard the detection of exposure of devices to vulnerabilities.
I'm not able to link the updates ad version of a package to the resolution of a CVE, and this is a big issue for me.
an you please double check why announcements are not being published since April?
Is there any other page or errara where you announce what is being released, and how this is related to security issue resolution?

Many thanks

As far as I know the announcement feed was fixed shortly after I last posted about it.

Hi Travor,

I'm a bit confused... if I look at the announcement page, https://lists.centos.org/pipermail/centos-announce/ i see that last annoucement is from April 2023... but since April CentOS made several security updates which now I'm not able to track.

Can you please help me understanding where I can find the Security Advisory released by CentOS?

So, the announcements were fixed a while back but there has apparently been a networking issue within Red Hat that stopped those from reaching the outside world. The same network problem also meant that no new packages for any CentOS version (Stream included) were able to be signed. The network issue was resolved a little while ago and I have received a lot of CExA-yyyy-nnnn announcement mails in the last hour or so.

There will be a batch of patches for CentOS 7 coming down the pipe shortly as well as they have now been GPG signed and can be released.

The patches have just been pushed to the mirrors now. Allow some hours for them to propagate around and for yum metadata to expire locally (or force it).