How to determine if my CentOS 8 is vulnerable to CVE-2019-18348

You are on the right track following the Red Hat Service Advisory. The same package that resolves CVE/RHSA upstream will be released for CentOS. Sometimes it is not available as quickly. There is a build for glibc-2.28-72.el8.x86_64.rpm for CentOS 8, but it doesn't look like it's made it into the repositories yet.

https://koji.mbox.centos.org/koji/buildinfo?buildID=4751

It doesn't help you when the repository metadata isn't aware of a CVE, yet. But, you may want to get familiar with security options to dnf if you'll be running CentOS systems.

DNF(8)                                                                           DNF                                                                           DNF(8)

NAME
       dnf - DNF Command Reference

...
       --cve=<cves>
              Includes  packages  that  fix a CVE (Common Vulnerabilities and Exposures) ID (http://cve.mitre.org/about/), Eg. CVE-2201-0123. Applicable for install,
              repoquery, updateinfo, and upgrade command.
...
       --security
              Includes packages that provides a fix for security issue. Applicable for upgrade command.

Ex:

dnf updateinfo list --cve=CVE-2016-10739

How to determine if my CentOS 8 is vulnerable to CVE-2019-18348

Tags:

Python

Security

Centos

Cve

Centos8

Related

Recent Posts