[CentOS] openssl Security Update for CentOS 6.7 ETA

Wed May 11 17:30:46 UTC 2016
Richard <lists-centos at listmail.innovate.net>


> Date: Wednesday, May 11, 2016 13:24:43 -0400
> From: m.roth at 5-cent.us
>
> Patrick Rael wrote:
>> On 05/11/2016 09:45 AM, Steve Snyder wrote:
>>> 
>>> On Wednesday, May 11, 2016 11:20am, "Patrick Rael"
>>> <prael at lumeta.com> said:
>>> 
>>>> Hi,
>>>>  Is there an ETA on the openssl security update (CVE-2016-0799)
>>>>  for CentOS 6.7?    I saw the openssl update for CentOS 7 on
>>>> 5/9, eagerly awaiting the same for 6.7.
>>>> 
>>> Looks like Red Hat pushed it to RHEL v6.8, released yesterday.
>>> Unless CentOS does a special back-port we'll have to wait for
>>> CentOS v6.8 to get the OpenSSL update.
> 
>> Is there an ETA on CentOS v6.8?    Days? Weeks? Months? (years?)
>> I just need to predict when CVE-2016-0799 will be fixed for CentOS
>> 6.7. I thought security updates would be available on 6.7 for many
>> more years.
>> 
> Please - it was *just* released, and the build team is presumably
> already on it. Hopefully, upstream hasn't screwed with their build
> environment again.
> 
> At any rate, when upstream did, it took our build team about a
> month to get builds working again; if they haven't, then I'd hope
> for a few weeks.
> 
> PLEASEPLEASEPLEASEPLEASE people, *don't* turn this into a 5k posts
> a day arguing over whether the build team is lazy, or 75% of them
> "ANYTHING NEW?! HOW SOON?!!!!!!!!!
> 
> Give them some bloody time, children. It's a job of work, as the old
> saying goes.
> 

Security updates will be available for rhel/centos 6 for many years
(november 2020 I believe). 6.7 is simply a point-in-time snapshot
which is not explicitly supported once the next point release has
come out.

  > I thought security updates would be available 
  > on 6.7 for many more years.

When there are cusp security issues like this the security update
sometimes comes out ahead of the rest of the new point release via
the fasttrack or CR repositories.