CentOS - Jan 2018 - CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754

Hello,

will there be updates for these CVEs for CentOS 6?

Thanks,
Walter

On Jan 4, 2018, at 12:18 PM, Walter H. <walter.h at mathemainzel.info>
wrote:
> 
> will there be updates for these CVEs for CentOS 6?
Red Hat hasn?t released them all yet.  Quoting Christopher Robinson in the
thread for this here:

    https://access.redhat.com/errata/RHSA-2018:0007

"We will be pushing errata out as soon as they have passed our QA
team's testing. The more modern versions were easier to backport patches
from upstream, and as you progress backwards the fixes change from a backporting
exercise into a complete rewrite. We expect all packages for RHEL7 to be
available shortly, with RHEL6 following closely behind.?

Robinson?s reply then goes into other ramifications which don?t impact CentOS
for one reason or another, except insofar as CentOS?s speed in responding to
this is gated in large part by Red Hat?s ability to respond.

I have released everything for CentOS-6 that has been released upstream
in RHEL source code.

I will continue to do so when they release new sources.

NOTE:  We will NOT be releasing anything for CentOS versions before
CentOS-6 (ie, CentOS-2.1, 3.x, 4.x, 5.x releases in vault that are past
EOL will not get updates)

CentOS-6 and CentOS-7 will continue to get updates based on the specific
version of RHEL source code released.
Thanks,
Johnny Hughes

On 01/04/2018 04:41 PM, Warren Young wrote:
> On Jan 4, 2018, at 12:18 PM, Walter H. <walter.h at
mathemainzel.info> wrote:
>>
>> will there be updates for these CVEs for CentOS 6?
> 
> Red Hat hasn?t released them all yet.  Quoting Christopher Robinson in the
thread for this here:
> 
>     https://access.redhat.com/errata/RHSA-2018:0007
> 
> "We will be pushing errata out as soon as they have passed our QA
team's testing. The more modern versions were easier to backport patches
from upstream, and as you progress backwards the fixes change from a backporting
exercise into a complete rewrite. We expect all packages for RHEL7 to be
available shortly, with RHEL6 following closely behind.?
> 
> Robinson?s reply then goes into other ramifications which don?t impact
CentOS for one reason or another, except insofar as CentOS?s speed in responding
to this is gated in large part by Red Hat?s ability to respond.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20180105/8fdb5a88/attachment-0001.sig>

How about kernel-lt and kernel-ml?

Mike


On 01/04/2018 05:41 PM, Warren Young wrote:
> On Jan 4, 2018, at 12:18 PM, Walter H. <walter.h at
mathemainzel.info> wrote:
>> will there be updates for these CVEs for CentOS 6?
> Red Hat hasn?t released them all yet.  Quoting Christopher Robinson in the
thread for this here:
>
>     https://access.redhat.com/errata/RHSA-2018:0007
>
> "We will be pushing errata out as soon as they have passed our QA
team's testing. The more modern versions were easier to backport patches
from upstream, and as you progress backwards the fixes change from a backporting
exercise into a complete rewrite. We expect all packages for RHEL7 to be
available shortly, with RHEL6 following closely behind.?
>
> Robinson?s reply then goes into other ramifications which don?t impact
CentOS for one reason or another, except insofar as CentOS?s speed in responding
to this is gated in large part by Red Hat?s ability to respond.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos