Hi John (Johnny Hughes),
Is there a way to get this latest log4j 1.2.17 version be certified as a supported version in the Tenable Plugin Alert as seen below:
https://www.tenable.com/plugins/nessus/156032
Since the fix is officially deployed in the mirrors, wouldn't that make the 1.2.17 version a supported version for the nessus plugin?
Regards, Sanjeev ________________________________ From: CentOS-announce centos-announce-bounces@centos.org on behalf of Johnny Hughes johnny@centos.org Sent: Monday, February 7, 2022 11:47 AM To: centos-announce@centos.org centos-announce@centos.org Subject: [CentOS-announce] CESA-2022:0442 Important CentOS 7 log4j Security Update
Warning: Replies to this message will go to centos-announce-bounces@centos.org. If you are unsure this is correct please contact the helpdesk.
CentOS Errata and Security Advisory 2022:0442 Important
Upstream details at : https://usg02.safelinks.protection.office365.us/?url=https%3A%2F%2Faccess.re...
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64: 1b461b4e217ac5f51d8990aad583c7f189e73fd3220a54053124772b83c42eba log4j-1.2.17-18.el7_4.noarch.rpm e4950b148639895cb3ed78b8a00c0708abe4685bd380e0003ebeb947ea1edc42 log4j-javadoc-1.2.17-18.el7_4.noarch.rpm 7bbf77456d5e310210c4bd541fee70097c26568f34f44184c878e5874e2b57f1 log4j-manual-1.2.17-18.el7_4.noarch.rpm
Source: c4224181672eede65a1b3d8f829c9ed475cade9b7234f58c03994f39459ca732 log4j-1.2.17-18.el7_4.src.rpm
-- Johnny Hughes CentOS Project { https://usg02.safelinks.protection.office365.us/?url=http%3A%2F%2Fwww.centos... } irc: hughesjr, #centos@libera.chat Twitter: @JohnnyCentOS
_______________________________________________ CentOS-announce mailing list CentOS-announce@centos.org https://usg02.safelinks.protection.office365.us/?url=https%3A%2F%2Flists.cen...
CentOS 7 rebuilds what is released for RHEL 7 (the Source Code).
CentOS doesn't (and never has) certified anything. If you need Certified Software or Service Level Agreements or Software Assurance, that is what RHEL is for.
Thanks, Johnny Hughes
On 3/2/22 09:00, Kumar, Sanjeev via CentOS-devel wrote:
Hi John (Johnny Hughes),
Is there a way to get this latest log4j 1.2.17 version be certified as a supported version in the Tenable Plugin Alert as seen below:
https://www.tenable.com/plugins/nessus/156032 https://www.tenable.com/plugins/nessus/156032
Since the fix is officially deployed in the mirrors, wouldn't that make the 1.2.17 version a supported version for the nessus plugin?
Regards, Sanjeev
*From:* CentOS-announce centos-announce-bounces@centos.org on behalf of Johnny Hughes johnny@centos.org *Sent:* Monday, February 7, 2022 11:47 AM *To:* centos-announce@centos.org centos-announce@centos.org *Subject:* [CentOS-announce] CESA-2022:0442 Important CentOS 7 log4j Security Update Warning: Replies to this message will go to centos-announce-bounces@centos.org. If you are unsure this is correct please contact the helpdesk.
CentOS Errata and Security Advisory 2022:0442 Important
Upstream details at : https://usg02.safelinks.protection.office365.us/?url=https%3A%2F%2Faccess.re... https://usg02.safelinks.protection.office365.us/?url=https%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2022%3A0442&data=04%7C01%7Csanjeev.kumar%40bia-boeing.com%7C5bf3fa5591e44bedd6b508d9ea59cd9e%7C930618188e444a1190d0a066b65d501d%7C0%7C0%7C637798493690756156%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=L31Vj6dN0D4ddRNppFNaHdZkK0YU37RRqTNnokMjQgI%3D&reserved=0
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64: 1b461b4e217ac5f51d8990aad583c7f189e73fd3220a54053124772b83c42eba log4j-1.2.17-18.el7_4.noarch.rpm e4950b148639895cb3ed78b8a00c0708abe4685bd380e0003ebeb947ea1edc42 log4j-javadoc-1.2.17-18.el7_4.noarch.rpm 7bbf77456d5e310210c4bd541fee70097c26568f34f44184c878e5874e2b57f1 log4j-manual-1.2.17-18.el7_4.noarch.rpm
Source: c4224181672eede65a1b3d8f829c9ed475cade9b7234f58c03994f39459ca732 log4j-1.2.17-18.el7_4.src.rpm
-- Johnny Hughes CentOS Project { https://usg02.safelinks.protection.office365.us/?url=http%3A%2F%2Fwww.centos... https://usg02.safelinks.protection.office365.us/?url=http%3A%2F%2Fwww.centos.org%2F&data=04%7C01%7Csanjeev.kumar%40bia-boeing.com%7C5bf3fa5591e44bedd6b508d9ea59cd9e%7C930618188e444a1190d0a066b65d501d%7C0%7C0%7C637798493690756156%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=4EqU%2FPDMqOq6tWmMyHP5Cxh6z4bHuv6FBW1KYvI%2BwjE%3D&reserved=0 } irc: hughesjr, #centos@libera.chat Twitter: @JohnnyCentOS
CentOS-announce mailing list CentOS-announce@centos.org https://usg02.safelinks.protection.office365.us/?url=https%3A%2F%2Flists.cen... https://usg02.safelinks.protection.office365.us/?url=https%3A%2F%2Flists.centos.org%2Fmailman%2Flistinfo%2Fcentos-announce&data=04%7C01%7Csanjeev.kumar%40bia-boeing.com%7C5bf3fa5591e44bedd6b508d9ea59cd9e%7C930618188e444a1190d0a066b65d501d%7C0%7C0%7C637798493690756156%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=2%2FBrLBqnLaQNRJyx%2FCgPaGE858BrqW%2FO8RD1KUyGm2o%3D&reserved=0
CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
On 02/03/2022 16:02, Johnny Hughes wrote:
CentOS 7 rebuilds what is released for RHEL 7 (the Source Code).
CentOS doesn't (and never has) certified anything. If you need Certified Software or Service Level Agreements or Software Assurance, that is what RHEL is for.
Thanks, Johnny Hughes
Also, you are asking the wrong people. You need to ask Tenable not CentOS.
Trevor