CVE-2023-38408 in 8-Stream

Support for security such as Firewalls and securing linux
TrevorH
Site Admin
Posts: 33221
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2023-38408 in 8-Stream

Post by TrevorH » 2023/08/27 14:55:50

No, only 8.8 released a fix for this. The other things listed there are all extra cost items that you have to pay for in order to receive updates.

In any case, that is RHEL not CentOS. CentOS died nearly 2 years ago and there have been zero updates for it since then. You cannot compare RHEL, which is a pay-for subscription based service that Red Hat sell in order to make money, with CentOS, which was a community supported rebuild of the sources used to build RHEL. The latest and last, final version of CentOS Linux 8 was 8.5 in late 2021. There have been no updates to it since that time and there will be no more updates to it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

chan15
Posts: 4
Joined: 2023/08/25 11:23:26

Re: CVE-2023-38408 in 8-Stream

Post by chan15 » 2023/08/28 01:29:51

TrevorH wrote:
2023/08/27 14:55:50
No, only 8.8 released a fix for this. The other things listed there are all extra cost items that you have to pay for in order to receive updates.

In any case, that is RHEL not CentOS. CentOS died nearly 2 years ago and there have been zero updates for it since then. You cannot compare RHEL, which is a pay-for subscription based service that Red Hat sell in order to make money, with CentOS, which was a community supported rebuild of the sources used to build RHEL. The latest and last, final version of CentOS Linux 8 was 8.5 in late 2021. There have been no updates to it since that time and there will be no more updates to it.
Thank you for your response! I was wondering if you could recommend either AlmaLinux or RockyLinux to me.

jlehtone
Posts: 4532
Joined: 2007/12/11 08:17:33
Location: Finland

Re: CVE-2023-38408 in 8-Stream

Post by jlehtone » 2023/08/28 07:57:43

AlmaLinux and Rocky Linux did start almost identical; both aimed for bug-for-bug compatibility (with EL). The difference was in how each project is governed.
Due to the June 2023 events AlmaLinux has shifted to ABI-compatibility. Whether that has any practical consequences remains to be seen.
Likewise, it remains to be seen how sustainable the ways that Rocky uses now to fetch sources for their builds are.

It has been and probably continues to be relatively trivial to switch between those distros, should a need arise.

TrevorH wrote:
2023/08/27 14:55:50
No, only 8.8 released a fix for this. The other things listed there are all extra cost items that you have to pay for in order to receive updates.
https://access.redhat.com/support/polic ... ning_Guide describes what RHEL support offers Red Hat has.


I would not call {8.1 SAP, 8.2 SAP, 8.4 SAP, 8.6 EUS, 8.8} "all", when {8.0, 8.3, 8.5, 8.7} are not on the list.

megabreit
Posts: 4
Joined: 2023/08/23 17:03:43

Re: CVE-2023-38408 in 8-Stream

Post by megabreit » 2023/09/07 15:48:19

FYI: I created a bugzilla for this issue and there was a fix released a few days later.

Check for openssh-8.0p1-19.el8.x86_64
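
One way to script the check named in the post above, as an added example that is not part of the original post: it compares an rpm package string against openssh-8.0p1-19.el8, the build the post gives. The function names are hypothetical, and any version other than 8.0p1 on el8 is reported as "unknown" because the thread names no fixed build for it.

```shell
#!/bin/sh
# Added example (not from the thread): classify an openssh package string
# against the build named in the post, openssh-8.0p1-19.el8.
FIXED_VERSION="8.0p1"   # upstream version from the post
FIXED_RELEASE=19        # release number from the post

# classify_openssh NVRA -> prints "fixed", "older" or "unknown"
classify_openssh() {
    nvra=$1
    # Only the el8 8.0p1 builds are comparable to the build in the post.
    case $nvra in
        openssh-"$FIXED_VERSION"-*.el8*|\
        openssh-server-"$FIXED_VERSION"-*.el8*|\
        openssh-clients-"$FIXED_VERSION"-*.el8*) ;;
        *) echo unknown; return 0 ;;
    esac
    rel=${nvra##*-"$FIXED_VERSION"-}   # e.g. "19.el8.x86_64"
    rel=${rel%%.*}                     # leading release number, e.g. "19"
    case $rel in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # not a plain number
    esac
    if [ "$rel" -ge "$FIXED_RELEASE" ]; then
        echo fixed
    else
        echo older
    fi
}

# check_installed: classify whatever rpm reports for the openssh packages.
# Does nothing on hosts without rpm; lines such as
# "package openssh is not installed" come out as "unknown".
check_installed() {
    command -v rpm >/dev/null 2>&1 || return 0
    rpm -q openssh openssh-server openssh-clients 2>/dev/null |
    while IFS= read -r pkg; do
        printf '%s: %s\n' "$pkg" "$(classify_openssh "$pkg")"
    done
    return 0
}

check_installed
```

A result of "older" means the installed build predates the one named in the post; after updating, restart sshd and any running ssh-agent processes so the new binaries are the ones in use.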

TrevorH
Site Admin
Posts: 33221
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2023-38408 in 8-Stream

Post by TrevorH » 2023/09/07 16:16:18

Did anyone ever acknowledge or do anything with the bugzilla?

megabreit
Posts: 4
Joined: 2023/08/23 17:03:43

Re: CVE-2023-38408 in 8-Stream

Post by megabreit » 2023/10/05 14:56:04

