DevHeads.net

To enquire about the expected arrival of ntp, ntpdate, expat&libxml2 rpms with CVE fix

Hi All,
Can you please tell me the expected release of these rpms which is having the fix for below CVE's.
1. expat rpm:
CVE-2017-9233

2.libxml2:
CVE-2015-8035

3. ntp and ntpdate RPM:
CVE-2017-6462
CVE-2018-7170
CVE-2018-7170
CVE-2016-4954
CVE-2016-4955
CVE-2016-4956

Comments

Re: To enquire about the expected arrival of ntp,

By Trevor Hemsley at 04/12/2018 - 04:24

On 12/04/18 07:57, Veetil, Vyshnav wrote:
That one is listed there as "Will not fix". Substitute your other CVE
numbers into the URL to check those too.

Any that are listed with a section containing "Redhat Security Errata"
are fixed and the publication date of the RHSA announcement listed will
be when the fix was released. If it says 2018-04-10 then the fix is part
of 7.5 and will be released when CentOS 7.5 is released. ETA unknown but
ASAP.

Trevor