2 Replies Latest reply: Oct 16, 2017 6:57 AM by nsanders

No plugin for CVE-2017-7529 on RedHat or CentOS?

nsanders Expert

Looking into CVE-2017-7529, I see 8 plug-ins for various OSes (FreeBSD, Debian, Ubuntu, openSUSE, Fedora 25, Fedora 26, and Amazon Linux AMI). However, there isn't a plugin for RHEL or what we need, CentOS 7. Can anyone from Tenable shed light on this discrepancy?

  • Re: No plugin for CVE-2017-7529 on RedHat or CentOS?
    ajguil4d Novice

    The RedHat generator didn't make one for this because it's in the Software Collections repos. We generally don't generate plugins for these; they're basically completely indistinguishable from their standard repo counterparts, and collisions and issues were frequent. In this case, the rh-nginx110-nginx does not exist on the standard repo, so with a proper feature request through the customer support portal we can see about forcing the generation of the plugin.

    CentOS has not issued a security advisory for CESA-2017:2538. Until they do, no plugin can be written for it. We have checked both lists.centos.org/pipermail/centos-announce and lists.centos.org/pipermail/centos-cr-announce and it isn't there. With no advisory to base it on, we cannot create a plugin for it. If this concerns you, please contact CentOS and let them know you want a package update and advisory for the affected packages on CentOS.