Security errata missing for RHEL7

Latest response

Hi,

I have a few CVE links below. The security errata is missing for the RHEL7 product on these CVE links

https://access.redhat.com/security/cve/CVE-2009-0159
https://access.redhat.com/security/cve/CVE-2015-1798
https://access.redhat.com/security/cve/CVE-2013-6450

Does this mean that these security vulnerabilities do not affect the RHEL7 product?

Responses

Hi Ron. Yes, your assumption is correct. The 3 CVEs you listed were all addressed and those fixes carried forward.

CVE-2009-0159 was concerned about ntp prior to ntp-4.2.4 - RHEL7 shipped with ntp-4.2.6p5 (that included previous patches).

CVE-2015-1798 was concerned about ntp 4.2.5p99. The fixes came to RHEL6 with RHSA-2015:1459 (and again, RHEL7 came out of the gate with ntp-4.2.6p5).

CVE-2013-6450 is a bit more interesting, and took some more digging. It cared about openssl1.0.1 before 1.0.1f Following the CVE trail, we can see this was fixed in RHSA-2014:0015-3 - openssl-1.0.1e-16 for RHEL6. Those patches would have been included with the version RHEL7 shipped with: openssl-1.0.1e-42.

Great Question!
-CRob

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.