To enquire about the expected arrival of ntp, ntpdate, expat&libxml2 rpms with CVE fix - devel - lists.centos.org

List overview All Threads
Download

To enquire about the expected arrival of ntp, ntpdate, expat&libxml2 rpms with CVE fix

registry.centos.org is down due to...

CentOS PaaS SIG meeting...

Veetil, Vyshnav

12 Apr 2018 12 Apr '18

6:57 a.m.

Hi All, Can you please tell me the expected release of these rpms which is having the fix for below CVE's. 1. expat rpm: CVE-2017-9233

2.libxml2: CVE-2015-8035

3. ntp and ntpdate RPM: CVE-2017-6462 CVE-2018-7170 CVE-2018-7170 CVE-2016-4954 CVE-2016-4955 CVE-2016-4956

Attachments:

attachment.html (text/html — 2.4 KB)

Reply

Show replies by date

Trevor Hemsley

12 Apr 12 Apr

8:24 a.m.

On 12/04/18 07:57, Veetil, Vyshnav wrote:

Hi All,

Can you please tell me the expected release of these rpms which is having the fix for below CVE’s.

expat rpm:

CVE-2017-9233

2.libxml2:

CVE-2015-8035

ntp and ntpdate RPM:

CVE-2017-6462

CVE-2018-7170

CVE-2018-7170

CVE-2016-4954

CVE-2016-4955

CVE-2016-4956

You can check the status of CVE numbers by looking at e.g. https://access.redhat.com/security/cve/cve-2017-9233

That one is listed there as "Will not fix". Substitute your other CVE numbers into the URL to check those too.

Any that are listed with a section containing "Redhat Security Errata" are fixed and the publication date of the RHSA announcement listed will be when the fix was released. If it says 2018-04-10 then the fix is part of 7.5 and will be released when CentOS 7.5 is released. ETA unknown but ASAP.

Trevor

Reply

2415

Age (days ago)

2415

Last active (days ago)

devel@lists.centos.org

1 comments

2 participants

tags (0)

participants (2)

Trevor Hemsley
Veetil, Vyshnav