CentOS And CVE-2017-1000117


hi CentOS community,

as many of you probably have been following along, a few days ago CVE-2017-1000117 was identified and Red Hat was prompt to release patches to fedora 25/26. I haven’t seen any chatter thus far from CentOS, so was wondering if anyone knew the status of the patches landing in CentOS, and more specifically, for CentOS 6 and git 1.7.x that’s currently latest in the repos.

thanks!
Herbert

6 thoughts on - CentOS And CVE-2017-1000117

  • I’ve seen the announcement and update(s) for CentOS-6 (CESA-2017:2485), but I don’t find anything for CentOS-7 yet. It looks like RH announced them both at about the same time Wednesday and the update for CentOS-6 came out Thursday. Is there some reason that the update(s) for -7 haven’t been pushed out?

  • On 19.08.2017 at 14:45, Richard wrote:

    Updates for CentOS 7 are held back until the 7.4 update gets released. It will start by populating the CR repo.

    Alexander

  • Updates build upon each other. If an update is built against 7.4 and links against the 7.4 libraries, we can not instead build it against 7.3 .. everything has to be done in a specific order to get the correct build requirements and link against the proper shared libraries. So while it would be great to just build and release the security updates first, life does not allow it to work like that.

    CR should be out in a few hours .. initially it will contain only the RPMs that were part of the 7.4 actual release.

    Within 24 hours of that CR release, CR will be updated to contain all the updates that actually needed to be built against 7.4 (those are building now and the initial CR is in the final QA stages).