In the framework of the patching of my machines of the fault cve-2023-0266, this one obliges to migrate the kernel in AlmaLinux 8.7 whereas redhat proposes a patch in el8.6, why?
That poses a sacred constraint on business servers in production I find.
For a cve flaw that does not touch the kernel it’s ok but for this one I don’t understand the choice of Alma
Red Hat describes that CVE in cve-details
It shows errata for RHEL 8 kernel dated 2023-04-04: https://access.redhat.com/errata/RHSA-2023:1566
The build date of AlmaLinux 8 kernel-4.18.0-425.19.2.el8_7.x86_64 is 2023-04-04.
Changelog of kernel includes:
Alma has released patched kernel ASAP after Red Hat made the sources available. What is wrong in that?
Red Hat did release on 2023-04-04 similar erratas for their non-public RHEL branches, like RHEL 8.4 EUS and RHEL 8.6 EUS. They did not release anything for “RHEL 8.6”, because that did end on release of RHEL 8.7. Is that a cause of confusion?