On 12/04/18 07:57, Veetil, Vyshnav wrote:
Hi All,
Can you please tell me the expected release of these rpms which is having the fix for below CVE’s.
- expat rpm:
CVE-2017-9233
2.libxml2:
CVE-2015-8035
- ntp and ntpdate RPM:
CVE-2017-6462
CVE-2018-7170
CVE-2018-7170
CVE-2016-4954
CVE-2016-4955
CVE-2016-4956
You can check the status of CVE numbers by looking at e.g. https://access.redhat.com/security/cve/cve-2017-9233
That one is listed there as "Will not fix". Substitute your other CVE numbers into the URL to check those too.
Any that are listed with a section containing "Redhat Security Errata" are fixed and the publication date of the RHSA announcement listed will be when the fix was released. If it says 2018-04-10 then the fix is part of 7.5 and will be released when CentOS 7.5 is released. ETA unknown but ASAP.
Trevor