On 12/04/18 07:57, Veetil, Vyshnav wrote:

Hi All,

Can you please tell me the expected release of these rpms which is having the fix for below CVE’s.

1. expat rpm:
CVE-2017-9233

2.libxml2:

CVE-2015-8035

3. ntp and ntpdate RPM:

CVE-2017-6462

CVE-2018-7170

CVE-2018-7170

CVE-2016-4954

CVE-2016-4955

CVE-2016-4956

You can check the status of CVE numbers by looking at e.g. https://access.redhat.com/security/cve/cve-2017-9233

That one is listed there as "Will not fix". Substitute your other CVE numbers into the URL to check those too.

Any that are listed with a section containing "Redhat Security Errata" are fixed and the publication date of the RHSA announcement listed will be when the fix was released. If it says 2018-04-10 then the fix is part of 7.5 and will be released when CentOS 7.5 is released. ETA unknown but ASAP.

Trevor