Missing Linux CentOS & RHEL Patches in BigFix Environment

Hi Folks,

I seem to be missing some CentOS & RHEL Linux patches for various CVE/CESA from my BigFix environment. I’m not sure why, or if I’m actually missing them, and I would appreciate some help.

I have the following sites in use

‘Patches for CentOS6 Plugin R2’ V134
‘Patches for CentOS7 Plugin R2’ V140
‘Patches for RHEL 7’ V340
‘Patches for RHEL 6 Native Tools’ V497

Taking
‘MSS-OAR-E01-2018:0081.2 CESA-2018:0024 [CentOS-announce] CESA-2018:0024 Important CentOS 6 qemu-kvm Security Update’, as an example

I enable ‘Show Non-Relevant Content’, click into ‘Patches for CentOS6 Plugin R2’ which has 2313 fixlets, but when I search for ‘qemu-kvm Security Update’ I can’t find any result for CESA-2018:0024. I see that CESA-2018:0024 is applicable to the following architectures

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

which I do have in my infrastructure.

I can however see this patch referenced in a BigFix release announcement
http://bigmail.bigfix.com/pipermail/centos-announcements/2018-January.txt

Although this announcement is for site version V41 and my current version is V134?

Thanks

CESA-2018:0024 is a superseded Fixlet. We remove Fixlets that have been superseded for over a year (this includes RHEL sites as well). Here’s the announcement that was released when we superseded the CentOS content: IBM BigFix Patch: Superseded CentOS content successfully archived

By the way, CESA is for CentOS, so not sure why you mentioned RHEL. Our Fixlet content only targets a specific OS, so CESA will be for CentOS only.


Ahhh, thank you Zevanty, I wasn’t aware that patches were removed like that. I have other RHEL patches I was curious about but they are all over a year old and superseded so the same applies.

Just to clarify zevanty, I see that that announcement is from June 17, is there a more recent announcement or does that cover all patch archival going forward?

Do you mean other sites? If so, that decision is on a site-by-site basis. You can check the forum to see if an announcement has been made for other sites, but a majority of the patch sites do follow this process of moving content that has been superseded for over a year onto another site.

No, for the same CentOS site. That announcement is dated from June 2017, but by now superseded content released in say January 18 would be greater than a year old and presumably archived. Are there subsequent announcements for content archived after June 2017 or is that one announcement for all content moving forward?

Only one announcement is sent to introduce this process. Going forward, content will be moved to the superseded site without an announcement sent.
