Rocky 8.9, MariaDB 10.3

khanson · April 10, 2024, 9:32pm

Hi, We run Qualys cloud agent to detect software CVE’s and it has marked at MariaDB 10.3.39 as having a couple CVE’s to remediate. I see that 10.3 is no longer on the RedHat App Stream Life Cycle, they have 10.5 good until 2026. We have a split decision from admins that 10.3 is continuing to be supported but that is only through RedHat Full Life Application Streams Release Life Cycle, which I believe is for their paying customers.
Can somebody please clarify for me what streams Rocky gets downstream from RHEL? MariaDB 10.3 was EOL in 2023, are we in Rocky still receiving patches for that?

Appreciate any info, thank you.
K Hanson, Montana State University

nazunalika · April 11, 2024, 12:24am

Any stream that RHEL provides, we also provide.

If the mariadb 10.3 stream receives updates in RHEL, we’ll also build it and ship it out. Otherwise, no changes will occur. “Full life” implies that the stream they’re referring to will be supported until 8 is end of life, which will be in 2029. If you look at their list, they also state the virt stream. This always receives updates and has since 8’s release. Same with squid.

If qualys is saying that there are CVE’s, you may want to research them on Red Hat’s website to see if they are applicable or have been fixed already.

khanson · April 11, 2024, 2:35pm

Thank you very much for clarifying.

Topic		Replies	Views
About CVEs in RHEL based distros Rocky Linux General rocky-linux-8 , rocky-linux-9	2	243	April 3, 2024
Triage For CentOS Stream Refugees? Rocky Linux General	11	720	August 25, 2023
Rocky Linux vs. PHP support cycle Rocky Linux General	6	1141	August 25, 2023
CVE-2022-22720 Apache Vulnerability and ongoing app security patches Rocky Linux General	3	802	August 25, 2023
Rocky Linux and Tenable/Nessus Agent Rocky Linux General	8	807	July 25, 2023

Rocky 8.9, MariaDB 10.3

Related Topics