Time frame to provide security fixes

How long, on average, does it take to provide security fixes for AL AppStream packages?

For example, PHP developers announced the release of php-8.0.30 on 03 Aug 2023 as a security fix. AlmaLinux provided the fix on 19-Oct-2023. I find that a bit long to provide a security fix classified by Red Hat with a score of 8.6.

CVE-2023-3823 - Red Hat Customer Portal

The page that you linked to shows that Red Hat, too, released a fix for RHEL on 19-Oct-2023. AlmaLinux was neither slower nor faster than Red Hat.
Perhaps you should ask Red Hat why it took them that long (despite how they classified the issue)?

What is the best practice to protect my server while waiting all that time for the fix?

That Red Hat CVE page did describe a mitigation method.
