[CentOS-devel] To enquire about the expected arrival of ntp, ntpdate, expat&libxml2 rpms with CVE fix

Thu Apr 12 08:24:22 UTC 2018
Trevor Hemsley <trevor.hemsley at ntlworld.com>

On 12/04/18 07:57, Veetil, Vyshnav wrote:
>
> Hi All,
>
> Can you please tell me the expected release of these rpms which is
> having the fix for below CVE’s.
>
> 1. expat rpm: 
> CVE-2017-9233
>
>  
>
> 2.libxml2:
>
> CVE-2015-8035
>
>  
>
> 3. ntp and ntpdate RPM:
>
> CVE-2017-6462
>
> CVE-2018-7170
>
> CVE-2018-7170
>
> CVE-2016-4954
>
> CVE-2016-4955
>
> CVE-2016-4956
>
You can check the status of CVE numbers by looking at e.g.
https://access.redhat.com/security/cve/cve-2017-9233

That one is listed there as "Will not fix". Substitute your other CVE
numbers into the URL to check those too.

Any that are listed with a section containing "Redhat Security Errata"
are fixed and the publication date of the RHSA announcement listed will
be when the fix was released. If it says 2018-04-10 then the fix is part
of 7.5 and will be released when CentOS 7.5 is released. ETA unknown but
ASAP.

Trevor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20180412/ddb66b87/attachment-0008.html>