Re: No see packages informations
Posted: 2019/10/08 16:41:45
by liberodark
Re: No see packages informations
Posted: 2019/10/31 14:58:54
by liberodark
On the issue on the bug tracker, Trevor replied this:
Code:
CentOS has never included security errata in its yum repos. CentOS 7 didn't have it nor 5 or 6. If you need security related metadata in your yum repos then you need to run RHEL.
But that is not really true: the security list is not integrated on CentOS 8, but CentOS 7 has a security list.
I have sent more examples as proof that there is a big change on CentOS 8: it does not have security information the same as CentOS 7.
Simple test for everyone, install cockpit:
Code:
yum install -y cockpit cockpit-packagekit sos
systemctl enable --now cockpit.socket
firewall-cmd --permanent --zone=public --add-service=cockpit
firewall-cmd --reload
or
Code:
yum install -y PackageKit
systemctl start packagekit.socket
pkcon get-update-detail systemd
or
Code:
#!/bin/bash
echo "+-------------------------+"
echo "|Security Advisories Count|"
echo "+-------------------------+"
for i in Important Moderate Low
do
    # Count installed packages carrying an advisory of this severity
    sec=$(yum updateinfo list security installed | grep -c "$i")
    echo "$i: $sec"
done | column -t
echo "+-------------------------+"
I have sent a screenshot, and other security updates are not included now...
Why is there no fix or inclusion?
Best Regards
Re: No see packages informations
Posted: 2019/10/31 15:57:37
by TrevorH
"But that is not really true: the security list is not integrated on CentOS 8, but CentOS 7 has a security list."
Try reading what I wrote again. We do not supply security metadata for ANY CentOS version. Not CentOS 8 or 7 or 6 or 5...
Re: No see packages informations
Posted: 2019/11/07 10:56:04
by liberodark
OK, but where is the bug if you have no security list?
Just explain to me why CentOS 7 has the possibility to see the information.
And CentOS 8 does not have this possibility.
Best Regards
Re: No see packages informations
Posted: 2019/11/07 11:08:39
by TrevorH
You are mistaken. Neither version has any security metadata. None. It does not work.
Re: No see packages informations
Posted: 2019/11/07 12:56:35
by liberodark
This is very strange; PackageKit has the possibility to see the information.
And that works on Debian / Ubuntu / Red Hat / Fedora / Arch Linux / CentOS 7.
But on CentOS 8, no.
Possibly it is a regression in PackageKit?
Re: No see packages informations
Posted: 2019/11/07 14:40:13
by TrevorH
Unfortunately I do not understand what you are talking about and it would appear that you don't understand what I'm saying either.
Re: No see packages informations
Posted: 2020/03/04 16:27:54
by sml
Actually, you do get this information, but only on packages installed from EPEL, not from CentOS proper:
Code:
$ dnf -q updateinfo list sec --installed
FEDORA-EPEL-2019-91575f0f26 Moderate/Sec. GraphicsMagick-1.3.34-1.el8.x86_64
FEDORA-EPEL-2020-0d2d3afda2 Moderate/Sec. ImageMagick-6.9.10.86-1.el8.x86_64
FEDORA-EPEL-2020-0d2d3afda2 Moderate/Sec. ImageMagick-doc-6.9.10.86-1.el8.x86_64
FEDORA-EPEL-2020-0d2d3afda2 Moderate/Sec. ImageMagick-libs-6.9.10.86-1.el8.x86_64
FEDORA-EPEL-2020-da5ff125c7 Moderate/Sec. git-merge-changelog-0-31.20200107git.el8.x86_64
FEDORA-EPEL-2020-da5ff125c7 Moderate/Sec. gnulib-devel-0-31.20200107git.el8.noarch
FEDORA-EPEL-2020-da5ff125c7 Moderate/Sec. gnulib-docs-0-31.20200107git.el8.noarch
FEDORA-EPEL-2019-288e46f2d9 Moderate/Sec. jhead-3.04-1.el8.x86_64
FEDORA-EPEL-2020-da06eb1ffa Low/Sec. upx-3.96-1.el8.x86_64
Code:
$ dnf -q updateinfo info --installed jhead
===============================================================================
jhead-3.04-1.el8
===============================================================================
Update ID: FEDORA-EPEL-2019-288e46f2d9
Type: security
Updated: 2020-03-02 20:23:05
Bugs: 1765647 - Invalid read in function ReadJpegSections and process_SOFn
: 1775098 - CVE-2019-19035 jhead: heap based over-read in ReadJpegSections and process_SOFn in jpgfile.c leads to denial of service
: 1775100 - CVE-2019-19035 jhead: heap based over-read in ReadJpegSections and process_SOFn in jpgfile.c leads to denial of service [epel-all]
Description: updated to 3.04 (CVE-2019-19035)
Severity: Moderate
Code:
$ pkcon -p get-update-detail jhead | sed 1,/^Details/d
Package: jhead-3.04-1.el8.x86_64
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1775098, https://bugzilla.redhat.com/show_bug.cgi?id=1775100, https://bugzilla.redhat.com/show_bug.cgi?id=1765647
Update text: updated to 3.04 (CVE-2019-19035)
Changes:
State: stable
Issued:
Updated:
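Added example, not part of any post in this thread: a script that separates "zero advisories" from "this repository ships no advisory metadata", which is the distinction the posts above turn on. The repo ids and repomd.xml fragments are constructed for illustration; the advisory lines are copied from the dnf output quoted above.

```shell
#!/bin/bash
# Added example. Repo ids and repomd.xml fragments are constructed;
# the advisory lines are copied from the dnf output quoted in the thread.

# Succeeds if the repomd.xml on stdin declares an updateinfo data set.
repo_has_updateinfo() {
    grep -Eq '<data[[:space:]]+type="updateinfo"'
}

# Turns `dnf -q updateinfo list sec --installed` lines on stdin into
# "<advisory source> <severity> <count>" rows.
count_advisories() {
    awk 'NF >= 3 {
        src = $1; sub(/-[0-9]+-[0-9a-f]+$/, "", src)  # drop year and id
        sev = $2; sub(/\/Sec\.$/, "", sev)            # Moderate/Sec. -> Moderate
        n[src " " sev]++
    }
    END { for (k in n) print k, n[k] }' | sort
}

# A repo without updateinfo can only ever report zero advisories, so label
# it "unknown" instead of letting a count of 0 read as "nothing to patch".
errata_coverage() {   # $1 = repo id, stdin = that repo's repomd.xml
    if repo_has_updateinfo; then echo "$1: advisories available"
    else echo "$1: unknown (no updateinfo in repomd.xml)"; fi
}

REPOMD_PLAIN='<repomd xmlns="http://linux.duke.edu/metadata/repo">
  <data type="primary"><location href="repodata/primary.xml.gz"/></data>
  <data type="filelists"><location href="repodata/filelists.xml.gz"/></data>
</repomd>'
REPOMD_ERRATA='<repomd xmlns="http://linux.duke.edu/metadata/repo">
  <data type="primary"><location href="repodata/primary.xml.gz"/></data>
  <data type="updateinfo"><location href="repodata/updateinfo.xml.bz2"/></data>
</repomd>'
SAMPLE_LIST='FEDORA-EPEL-2019-91575f0f26 Moderate/Sec. GraphicsMagick-1.3.34-1.el8.x86_64
FEDORA-EPEL-2020-0d2d3afda2 Moderate/Sec. ImageMagick-6.9.10.86-1.el8.x86_64
FEDORA-EPEL-2019-288e46f2d9 Moderate/Sec. jhead-3.04-1.el8.x86_64
FEDORA-EPEL-2020-da06eb1ffa Low/Sec. upx-3.96-1.el8.x86_64'

printf '%s\n' "$REPOMD_PLAIN"  | errata_coverage repo-without-errata
printf '%s\n' "$REPOMD_ERRATA" | errata_coverage repo-with-errata
printf '%s\n' "$SAMPLE_LIST"   | count_advisories
```

On a live system, feed `errata_coverage` each enabled repository's repodata/repomd.xml and pipe the real `dnf -q updateinfo list sec --installed` output into `count_advisories`.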
Re: No see packages informations
Posted: 2020/03/04 17:46:51
by TrevorH
Hence why I said "We do not supply security metadata for ANY CentOS version". EPEL is not a CentOS repo, it's a repo that happens to work on CentOS but it's not one that CentOS provides or supports.
Re: No see packages informations
Posted: 2020/03/09 08:48:42
by afewgoodman
Hi TrevorH,
Is there no way to check CVEs and security updates for CentOS now?
It's just a question.
BR.