This module contains a Bolt Task that will remediate CVEs described in CESA-2019:2091 and parallel issues present on other Enterprise Linux 7 (EL7) platforms.
- Description
- Setup - The basics of getting started with cesa_2019_2091
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
This remediation addresses the following CVEs:
Remediation is performed by using yum to updating key systemd packages to newer versions. Affected systemd RPM packages include:
- systemd
- systemd-libs
- systemd-sysv
Using a Puppet file or other method, install in an appropriate place such that the task is visible to your task runner.
EXAMPLE
$ bolt task show
cesa_2019_2091::remediate remediates CVE-2018-15686, CVE-2018-16866, and CVE-2018-16888
Using your prefered method of running bolt tasks, run the task.
EXAMPLE
$ bolt task run cesa_2019_2091::remediate -n cent7-1,cent7-2,cent7-3
This remediation relies on yum, yum repositories, and related technologies to update RPM packages.
This remediation updates the relevant RPM packages to the latest available version without additional version checks. If your system remains vulnerable to these CVEs, it is likely sufficiently updated RPMs are not available in your yum repository as presntly configured.
This remediation targets the standard systemd packages most likely to be affected by these CVEs. Additional packages which may require attention are described in the relevant CentOS-CR-announce mailing list announcement
Pull requests welcome
| Version | Notes |
|---|---|
| 0.1.0 | Initial release |