python-gofer-2.12.5-3.el7 and python-gofer-qpid-2.12.5-3.el7 were found vulnerable in a vulnerability security scan. Is it safe to remove them, since we are not using the Katello agent?
I could not find the updated packages available in the pulp repository. If removing the packages is not safe, may I know when there will be updated packages available?
Problem: python-gofer-2.12.5-3.el7 and python-gofer-qpid-2.12.5-3.el7 found vulnerable in vulnerabilities security scan
Expected outcome: An updated version of python-gofer and python-gofer-qpid packages or is it okay to remove the packages python-gofer-2.12.5-3.el7, python-gofer-qpid-2.12.5-3.el7 since we are not using Katello agent.
The security vulnerabilities scan report came up with vulnerability title “Red Hat: CVE-2019-3845: Important: Red Hat Satellite Tools security update (RHSA-2019:1223)”, vulnerability proof “Vulnerable OS: Red Hat Enterprise Linux 7.9, python-gofer - version 2.12.5-3.el7 is installed”, vulnerability CVSS Score “5.2”.
Well, check the page at Red Hat on CVE-2019-3845. It has been fixed with errata RHSA-2019:1223, which includes gofer-2.12.5-3. So basically version 2.12.5-3 is the fixed version for that CVE. I don’t know why your scanner thinks 2.12.5-3 is vulnerable to CVE-2019-3845. To me, it looks fine if the information from Red Hat is correct.
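
An added example, not part of the original posts: one way to triage a scanner finding like this is to compare the installed build against the fixed build named in the erratum using RPM's segment-wise ordering. The fixed build 2.12.5-3 is the one quoted in the answer above; the older build 2.12.5-2.el7 is constructed for contrast, epochs are assumed equal, and RPM's tilde and caret rules are left out.

```python
import re

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpm_vercmp(a, b):
    """Compare two version or release strings the way RPM orders them
    (tilde/caret handling omitted). Returns -1, 0 or 1."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the side with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def vr_cmp(installed, fixed):
    """Compare 'version-release' strings: version first, then release."""
    iv, _, ir = installed.partition("-")   # RPM versions never contain '-'
    fv, _, fr = fixed.partition("-")
    return rpm_vercmp(iv, fv) or rpm_vercmp(ir, fr)


def has_fix(installed, fixed):
    """True when the installed build is at or above the fixed build."""
    return vr_cmp(installed, fixed) >= 0


if __name__ == "__main__":
    FIXED = "2.12.5-3"                     # fixed build quoted in the answer
    for build in ("2.12.5-3.el7",          # build reported by the scanner
                  "2.12.5-2.el7"):         # constructed older build
        verdict = "at or above fix" if has_fix(build, FIXED) else "older than fix"
        print(f"python-gofer {build}: {verdict}")
```

On a host with the rpm Python bindings installed, `rpm.labelCompare` performs the same comparison with epoch and tilde handling included.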