We are looking for RHEL8.x supported appliance in AWS market place as there are some critical security vulnerabilities with the current RHEL 7.5 appliance. Any update/guidance on this would be greatly appreciated.
we have an active feature request to support RHEL 8 to provision vertica cluster on all cloud vendors. it is currently being worked on by engineering. once this feature is released, you should be able to deploy vertica on RHEL 8 via AWS Marketplace.
Thank you for the update @SruthiA. Any time line when it is going to be available, as the security issue reported is CRITICAL and requires immediate upgrade in our system.
currently there is no ETA. Could you please open a support case and share the vulnerabilities. we can check internally if there is a way to mitigate it.
These are not vertica s/w related vulnerabilities but are of RHEL 7.5. I can provide the CVE numbers, we applied all the latest patches that are allowed on the appliance. But its looking for either RHEL 7.9 or 8.x
Here are couple of High severity CVEs for your reference
Source: AWS FPDS RHEL Nessus Security Scan - August 2023
*Finding Title/Header: 162583 - RHEL 7 : kernel (RHSA-2022:5232)
Thank you @fpdsvertica for sharing the CVE numbers. I have raised your concerns internally and shared them with the CVE Numbers.
could you please share your vertica version?
Vertica 10.0.1-6 Red Hat 7.5 - 1608058653-1ccb1373-3e37-461b-89b3-1c2b91d451d1-ami-02d53d4a77436d590.4 included the the appliance ami details as well
Thank you very much.. I just would like to let you know vertica 10.0 is out of support. even if we release support for RHEL 8, it would be on the latest vertica version.
Thank you, That still works as long as a latest version of appliance is available we can work with that.
@SruthiA could you please provide some tentative timeline when it will be released, so that we can work with our GSA security team.
@fpdsvertica : Tentatively in first quarter of 2024..
Thank you @SruthiA