CentOS 7 CVE-2022-42920 missing security update

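For several months we have been using a vulnerability scanner (Rapid 7), and it complains that the bcel package is vulnerable. Red Hat has released an updated package, but it has not yet found its way into the CentOS 7 repositories. So far the only advice I have been able to find is to update to the latest version of bcel in the CentOS repositories, but that does not help, because the latest version appears to be vulnerable. And I cannot find an rpm to install manually.

The information I found at Red Hat: https://access.redhat.com/security/cve/cve-2022-42920

Current installation: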

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.nforce.com
 * epel: ftp.nluug.nl
 * extras: centos.mirror.transip.nl
 * updates: centos.mirror.transip.nl
Installed Packages
Name        : bcel
Arch        : noarch
Version     : 5.2
Release     : 18.el7
Size        : 525 k
Repo        : installed
From repo   : base
Summary     : Byte Code Engineering Library
URL         : http://commons.apache.org/proper/commons-bcel/
License     : ASL 2.0
Description : The Byte Code Engineering Library (formerly known as JavaClass) is
            : intended to give users a convenient possibility to analyze, create, and
            : manipulate (binary) Java class files (those ending with .class). Classes
            : are represented by objects which contain all the symbolic information of
            : the given class: methods, fields and byte code instructions, in
            : particular.  Such objects can be read from an existing file, be
            : transformed by a program (e.g. a class loader at run-time) and dumped to
            : a file again. An even more interesting application is the creation of
            : classes from scratch at run-time. The Byte Code Engineering Library
            : (BCEL) may be also useful if you want to learn about the Java Virtual
            : Machine (JVM) and the format of Java .class files.  BCEL is already
            : being used successfully in several projects such as compilers,
            : optimizers, obsfuscators and analysis tools, the most popular probably
            : being the Xalan XSLT processor at Apache.

Can anyone suggest how to handle this situation? It seems to happen more often than I realized.
