CentOS Linux—the open, enterprise-class, platform upon which Lumeta solutions are built—and third-party packages such as Postgres and Oracle JRE—are continuously monitored by industry and community groups to uncover flaws. Upgrade packages that fix these CentOS flaws (aka CVEs, Common Vulnerabilities and Exposures) are made available from CentOS and third parties (Postgres, Oracle JRE) on an ongoing basis.
This page lists security enhancements on our radar. It's those CVEs that Lumeta is actively addressing and expects to have fully resolved in the upcoming releases of Lumeta Enterprise Edition.
CVE | Repair | Date | 3rd Party Patch | Vulnerability | Resolved_Version & GA Date | ||
Identifier | expat-2.1.0-15.el7_9.x86_64 | Available? | Lumeta | Notes on vulnerability | Lumeta | Lumeta_GA | |
---|---|---|---|---|---|---|---|
CVE-2022-40674 | CentOS yes | yes | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | 4.6.0.1 | 11/29/2022 |