Security flaws on unsupported products or products with limited support

Updated -

Red Hat supports a large number of products across differing product families, and security support is provided for all of our products within the defined scope of each product's lifecycle. Customers may purchase some Long Life or Extended Update Support products that receive specifically-defined support. Not all products offer Long Life (LL), Extended Update Support (EUS), or Extended Life Cycle Support (ELS), and many products become End of Life (EOL) in favor of newer products with full support.

Customers who opt to not upgrade to newer versions of a product, or choose to purchase EUS/ELS support, may have questions as to whether or not certain security flaws affect their system. The Red Hat CVE Database provides information on security flaws, including if a product provides a fix, or statements regarding the affects of certain products. More often than not, these statements do not include any information on older products that are either EOL or are EUS/ELS unless the flaws fall within the defined support scope. The following criteria determines whether or not Red Hat is able to answer the question of whether a specific security flaw affects a certain product:

  • If the impact of the flaw is outside of the defined support scope and does not qualify for fixes (for example, EUS/ELS products may only provide Critical or Important impact fixes), we do not make a determination of whether or not the product is affected
  • If the product is EOL and no longer receives support, we do not make a determination of whether or not the product is affected

For instance, questions regarding whether or not a flaw affects Red Hat Enterprise Linux 2.1 cannot be answered because it no longer receives support. A question regarding a Low or Moderate impact flaw on Red Hat Enterprise Linux 4 cannot be answered because Red Hat Enterprise Linux 4 only receives Critical impact updates.

To understand how Red Hat rates security flaws, please refer to the Issue Severity Classification page.

For an overview, the Red Hat Enterprise Linux Life Cycle describes the different phases of support and what you can expect from each phase, in particular the Extended Life Phase and Life Cycle Support Add-On which indicates what type of security fixes are delivered for those add-ons.

The Life Cycle and Update Policies page provides links to the update policies and life cycle for all supported Red Hat products.

Comments