I've been seeing security advisory numbers like CESA-2017:1842, and after searching I could only find some of them in mailing list archives such as this.

Is there a website like https://usn.ubuntu.com or https://access.redhat.com/security/ that is dedicated to the announcement of CentOS-related vulnerabilities?

Sajuuk
  • You might find this useful: [Recent CentOS security alerts](https://lwn.net/Alerts/CentOS/). This is not an authoritative link, however. – eternaltyro Sep 11 '17 at 17:51

1 Answer

AFAIK, whatever applies to RHEL should apply to the respective CentOS release. Read more here on the similarity part (https://unix.stackexchange.com/questions/27323/is-centos-exactly-the-same-as-rhel). [1]

Also, the best way to search for CVEs is to go to https://cve.mitre.org/ and search the CVE List with a keyword like "CentOS", e.g. (https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CentOS)

Edit: In the provided first link, an answer mentions "CVEs (Common Vulnerabilities and Exposures) are not tested on CentOS, and it is expensive to test them properly." I didn't get any source to verify this claim.

Krishna Pandey
  • Actually, it is not. In practice, I found that several software package fixes may be available only to RHEL, but not to CentOS, for an undeterminable time. – Sajuuk Sep 11 '17 at 11:14
  • @Sajuuk that's interesting to know. This can be a crucial factor in choosing CentOS for production systems. – Krishna Pandey Sep 11 '17 at 11:26