kernel CVE vulnerability patch info in changelog

  • support
    Junior Member
    Forum Explorer
    • Mar 2021
    • 29

    #1

    kernel CVE vulnerability patch info in changelog

    A while back I asked about vulnerability patches being listed in the kernel changelog. At the time CloudLinux was not getting the vulnerability CVE number in the changelog for easy lookup. At that time, it was suggested this was going to be fixed and changed. Has this been addressed? Are we able to use a changelog grep for CVE patches yet?

    Now specifically, one PCI scanner looking at my server is listing this old vulnerability: CVE-2012-1146


    rpm -q --changelog kernel-2.6.32-531.29.2.lve1.3.11.1.el6.x86_64 | grep CVE-2012-1146
    doesn't show it patched.

    Googling: cve-2012-1146 site:cloudlinux.com
    doesn't show it addressed.

    How do I demonstrate to the PCI scan service that this has been addressed on the servers?
  • support
    Junior Member
    Forum Explorer
    • Mar 2021
    • 29

    #2
    PCI scanner has removed this vulnerability from their scan. But the initial questions are still floating?

    Additional question: will KernelCare be able to keep the changelog updated with CVE patch numbers?


    • iseletsk
      Senior Member
      • Dec 2017
      • 1199

      #3
      We already have that here:
      patches.kernelcare.com

      Select the kernel, and you will see CVE patch numbers.


      • support
        Junior Member
        Forum Explorer
        • Mar 2021
        • 29

        #4
        Instead of having to do all the cross referencing, it would be really convenient to be able to grep a changelog for the patch. In that way, we know it has been addressed AND the patch was applied to the server in one easy step. Also makes less cross referencing to prove to security and PCI scanners that an issue has been addressed.
        Just my 2 cents.

        How about the kernel changelog in the kernel RPMs?

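The changelog check discussed in this thread, written out as an added example (not part of any post above and not CloudLinux or KernelCare code): it reads `rpm -q --changelog` output and reports, for each CVE ID given, the changelog entry that lists it. The function names, the sample changelog and the CVE-0000-* IDs are constructed for illustration.

```shell
#!/bin/sh
# cve_changelog_report CVE-ID... < output of `rpm -q --changelog <package>`
# Prints one tab-separated line per ID: "ID listed <entry header>" or "ID not-listed".
# "not-listed" only means the changelog text does not mention the ID.
cve_changelog_report() {
    awk -v want="$*" '
    function mentions(line, id,    rest, p) {
        rest = line
        while ((p = index(rest, id)) > 0) {
            rest = substr(rest, p + length(id))
            if (rest !~ /^[0-9]/) return 1   # no trailing digit: the whole ID matched
        }
        return 0
    }
    BEGIN { n = split(toupper(want), ids, " ") }
    /^\* / { header = substr($0, 3); next }   # "* date packager [version]" starts an entry
    {
        line = toupper($0)
        for (i = 1; i <= n; i++)
            # rpm prints newest entries first, so the last match is the oldest entry
            if (mentions(line, ids[i])) found[ids[i]] = header
    }
    END {
        for (i = 1; i <= n; i++) {
            if (ids[i] in found) printf "%s\tlisted\t%s\n", ids[i], found[ids[i]]
            else printf "%s\tnot-listed\n", ids[i]
        }
    }'
}

# Constructed sample changelog (not taken from a real kernel package).
sample_changelog() {
cat <<'EOF'
* Tue Mar 03 2015 Constructed Builder <builder@example.invalid> [2.6.32-999.2.example]
- fix constructed issue B (CVE-0000-22220), follow-up to CVE-0000-1111
* Mon Jan 05 2015 Constructed Builder <builder@example.invalid> [2.6.32-999.1.example]
- fix constructed issue A [cve-0000-1111]
- unrelated change
EOF
}

# On a server: rpm -q --changelog kernel-2.6.32-531.29.2.lve1.3.11.1.el6.x86_64 | cve_changelog_report CVE-2012-1146
sample_changelog | cve_changelog_report CVE-2012-1146 CVE-0000-1111 CVE-0000-2222
```
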