Earlier today at #almalinux we patched CVE-2023-38403 in iperf3 and released it prior to anyone else in the EL-ecosystem. We promptly submitted PRs with #centos and #fedora.
A lot was learned during this process so we can nail down the processes of doing our own patches while contributing upstream and ultimately deliver on our promises from https://almalinux.org/blog/future-of-almalinux/
#rhel #redhat
T Strömberg 🚲🌳🛵
Out of curiosity I checked the patch timeline elsewhere:
- 2023-07-07: iperf security advisory w/ patch
- 2023-07-09: Alpine, Wolfi, Chainguard Images
- 2023-07-10: ArchLinux
- 2023-07-17: CVE published
- 2023-07-17: Debian stable
- Not yet: Oracle, RH
Unsurprisingly, the timeline follows the continuum of how each distro treats security vs stability.
Jonathan Wright :almalinux:
My PR has been rejected by RH and I'm not terribly sure why. At least I tried, I guess, and since AlmaLinux isn't targeting 1:1 we have the patch and RHEL won't, I suppose.
https://gitlab.com/redhat/centos-stream/rpms/iperf3/-/merge_requests/5#note_1476778724
Fixes CVE-2023-38403 - Resolves: rhbz#2223729 (!5) · Merge requests · Red Hat / centos-stream / rpms / iperf3 · GitLab