carlwgeorge - Slashdot User

Comment Re:People still use CentOS? (Score 1) 42

by carlwgeorge on Friday March 31, 2023 @01:01PM (#63414568) Attached to: Google Security Researchers Accuse CentOS of Failing to Backport Kernel Fixes

Well, no. RHEL has the updates, and so has Alma and Rocky.

That's false. If you look at the Red Hat CVE pages, they all list RHEL as "affected". If RHEL had the fix, that page would say "fixed" with a link to the errata and the release date. So RHEL and all RHEL rebuilds are vulnerably to these CVEs.

CVE-2023-0590
CVE-2023-1249
CVE-2023-1252
- In fact, of these distros, CentOS Stream 9 is the only one that has any of the fixes. It got the fix for CVE-2023-0590 even before the Project Zero announcement went out.
  - net: sched: fix race condition in qdisc_graft()
  - Maybe next time consider checking your facts before spreading misinformation?

Slashdot Top Deals