On 30/08/17 11:09, 知乎申诉处理 wrote:
> I've been dubbing with management of security vulnerabilities and their fixes for a while, recently I discovered there may be a delay in the process of software updates made available on CentOS yum repository.
>
> Take CVE-2017-5335 for example:
> On the Red Hat official notice board: https://access.redhat.com/security/cve/cve-2017-5335 we can see there is a link pointing to the advisory for RHEL 7: https://access.redhat.com/errata/RHSA-2017:2292 . From there we can see that the fix happens at gnutls 3.3.26.
> But when trying to update with yum update from a CentOS 7.3 x64 machine, there is no 3.3.26 available. The only available rpm for CentOS 7.3.1611 for x86_64 is gnutls-3.3.24.
> This result can be verified using rpm finder: https://www.rpmfind.net/linux/rpm2html/search.php?query=gnutls
>
> The same problem happens to other software packages such as:
> glibc
> tcpdump
> libnl
> mariadb
> ...
> (and many others)
>
> Why is that? And are those software packages not going to get fixed?
>
> - p.s. please excuse me for any formatting issues. :)
>
> Jeff

You're searching for packages that are already built but in an "interim" repository: RHEL 7.4 was released but CentOS 7.4.1708 isn't yet available, while packages are built (almost all of them).

See https://seven.centos.org/2017/08/cr-repository-for-centos-linux-7-1708-released/ and you'll have all the packages you're looking for.

--
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
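As an added example (not part of the original thread and not CentOS or Red Hat code), the comparison the question performs by hand can be scripted: take the installed package versions and flag those still older than the version an advisory names as fixed. It implements RPM's segment-wise ordering rather than plain string comparison and goes beyond the single gnutls case; the input format `name epoch:version-release`, the function names, the release strings and `examplepkg` are assumptions made for the example.

```python
import re

def rpmvercmp(a, b):
    """Segment-wise comparison of RPM version/release strings: -1, 0 or 1."""
    while a or b:
        a = re.sub(r"^[^A-Za-z0-9~]+", "", a)  # separators carry no weight
        b = re.sub(r"^[^A-Za-z0-9~]+", "", b)
        if a[:1] == "~" or b[:1] == "~":       # '~' sorts before everything
            if a[:1] != b[:1]:
                return -1 if a[:1] == "~" else 1
            a, b = a[1:], b[1:]
            continue
        if not a or not b:
            break
        numeric = a[0].isdigit()
        pat = r"[0-9]+" if numeric else r"[A-Za-z]+"
        sa, mb = re.match(pat, a).group(), re.match(pat, b)
        if mb is None:                         # digits beat letters
            return 1 if numeric else -1
        sb = mb.group()
        a, b = a[len(sa):], b[len(sb):]
        if numeric:                            # leading zeros are ignored
            sa, sb = int(sa), int(sb)
        if sa != sb:
            return 1 if sa > sb else -1
    return (a != "") - (b != "")               # leftover segments win

def parse_evr(evr):
    """Split '[epoch:]version[-release]'; a missing epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def evr_cmp(a, b):
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    # Assumption: without a release on both sides, compare epoch and version only.
    return rpmvercmp(va, vb) or (rpmvercmp(ra, rb) if ra and rb else 0)

def below_fix(installed_lines, fixed):
    """Return (name, installed EVR, fixed EVR) for packages older than the fix."""
    pkgs = (line.split() for line in installed_lines)
    return [(n, evr, fixed[n]) for n, evr in pkgs
            if n in fixed and evr_cmp(evr, fixed[n]) < 0]

# Constructed sample; release strings and 'examplepkg' are made up.
INSTALLED = ["gnutls 0:3.3.24-1.el7", "examplepkg 0:1.0-1.el7"]
FIXED = {"gnutls": "3.3.26"}
print(below_fix(INSTALLED, FIXED))
```

Because Red Hat backports fixes, the value placed in `FIXED` should be the package version-release listed in the advisory, not the upstream release that first carried the fix.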