Extended Lifecycle Support for CentOS 6

In 2020, CentOS 6 reached end of life, and there’s no simple upgrade path. Sure, your CentOS 6 Linux workloads still work, and you could choose to continue to use CentOS 6.

However, here’s the problem: since December 2020 there are no security patches for CentOS 6, so anyone using CentOS 6 is now vulnerable to countless dangerous threats. The switch to CentOS Stream means many organizations are in limbo. Trying to find an upgrade path from CentOS 6 is not easy, but not acting isn’t an option either.You can buy time if you’re still running CentOS 6 versions.

TuxCare’s Extended Lifecycle Support gives you the same official security patches you used to get with CentOS 6, and we’ll continue to provide rapid patches for enterprise Linux users right through to November 2024.

So don’t sweat it.

Just keep on going with CentOS 6, 7, or 8. 
TuxCare has your back.

What happened with CentOS Linux?

The CentOS project community release sponsor, Red Hat, changed course in Dec 2020 and announced that it will no longer issue stable releases of CentOS that are binary compatible with the matching Red Hat Enterprise Linux (RHEL) release.

CentOS 8 would be the last stable release of CentOS.

Instead, CentOS Stream is now the “last” of the CentOS versions. Stream is a rolling release, without a fixed version that matches a corresponding RHEL distribution 1:1. Worse, the CentOS 8 end of life date was Dec 31st, 2021, so that is not an option either.

What does it mean for CentOS users?

CentOS Stream is a continuous delivery release so there is no longer a new fixed CentOS release, and therefore CentOS is no longer a cheaper, 100% binary compatible alternative that is an exact copy of RHEL.

Worse, because CentOS 8 also reached end of life just a year after CentOS 6, companies were faced with a fast, risky migration to another Linux distribution for their dedicated servers and other workloads. CentOS 7 end of life date also looms close, so a move there would be a stop gap solution that would simply push the issue a few months down the line.

Unsurprisingly, many web hosts and other companies chose to simply let their production workloads run on an unsupported distribution. These companies are now exposed to significant cyber security risks.

What is Extended Lifecycle Support?

You can think of TuxCare’s Extended Lifecycle Support (ELS) as a continuation of official vendor support for CentOS Linux systems, giving you the same security patches to close new vulnerabilities as the CentOS project did, and sometimes even faster.

When a new vulnerability emerges, our own internal Linux developers respond rapidly to new threats and roll out a patch that you deploy just the way you would if you were relying on CentOS official support. This vendor-grade patching support from TuxCare gives you a couple of extra years to decide which Linux distribution you are going to move your CentOS 6 machines to, keeping you safe in the meantime.

You can safeguard your CentOS 6 instance now by signing up for critical patches and updates from TuxCare:

Similar to how official vendor support works, just swap TuxCare ELS in – it’s fully compatible with your existing deployment tools and scripts
Benefit from the expertise of a team that has over a decade’s experience working with RHEL-based Linux distributions
Supports core system components like the kernel, but also a comprehensive list of commonly used additional tools (bash, rpm, apache, and many others)
The knowledge that your CentOS 6 Linux operating systems are now safe and secure, until November 2024
Full technical account management as well as round-the-clock support through our ticketing system

Securing CentOS 6 is straightforward

Getting your CentOS 6 operating systems patched and secure is easy. All you need to do to enable Extended Lifecycle Support for CentOS 6 is to run a short script on your CentOS 6 servers to switch the repositories used by your regular update management tool (yum, for example). Within minutes you’ll be protected by TuxCare ELS for CentOS 6. Optionally, you could choose to run a local mirror with ELS patches from TuxCare – it’s easy to do using rsync. Either way, you get support to safely run CentOS 6 beyond its EOL date thanks to TuxCare security patches.

Supported components

TuxCare provides updates for the kernel, Apache, PHP, Glibc, OpenSSL, OpenSSH, and Python packages.
Packages updated includes

  • acpid
  • glibc
  • attr
  • php
  • info
  • Iptstate
  • gdb
  • glib2
  • bash
  • basesystem
  • authconfig
  • zlib
  • acl
  • dovecot
  • mysql
  • ed
  • gcc
  • lslk
  • blktrace
  • bc
  • openssh
  • device-mapper
  • dhclient
  • dhcpv6
  • dmidecode
  • bzip2
  • busybox
  • bridge-utils
  • httpd
  • userspace
  • packages
  • crash
  • cyrus-imapd
  • cyrus-sasl

… and many others.

Other major Enterprise Linux Distributions with TuxCare ELS

TuxCare’s Extended Lifecycle Support is also available for CentOS 8, Oracle Linux 6, and Ubuntu 16.04 LTS operating systems.

Extended Lifecycle Support for CentOS 8

End of life: December 2021

Extended Lifecycle Support will last until January 2026, giving you enough time to switch your server fleet to an alternative distribution or upgrade to the newest version of your favorite Linux distributions.

Extended Lifecycle Support for Oracle Enterprise Linux 6

End of life: March 2021

Extended Lifecycle Support will last until December 2024. Save significantly on Oracle Linux’s Premier Support by choosing Extended Lifecycle Support for ongoing Oracle Linux 6 maintenance.

Extended Lifecycle Support for Ubuntu 16.04

End of life: April 2021

Save on an Ubuntu 16.04 subscription by choosing Extended Lifecycle Support for ongoing Ubuntu 16.04 maintenance, providing updates for your Ubuntu servers until April 2025.

Frequently Asked Questions

Servers that run CentOS 6 versions are still working, but Red Hat is no longer providing updates covering CentOS release 6 for security vulnerabilities, as CentOS 6 reached end of life. When you see a new CVE that affects CentOS 6 you can assume that your system is now vulnerable and that there’s no fix on the horizon.

There is a way forward to safely run CentOS 6 beyond its EOL date. Just sign up for TuxCare’s ELS service for CentOS 6. We’ll cover you for critical security updates right through November 2024, with just the same patches you received from Red Hat Enterprise Linux.

Yes, but you need to find a way to ensure that you apply critical security patches if you run CentOS 6. You can develop these patches in-house if your organization has the required Linux server kernel development expertise.

Your alternative is to partner with a vendor that can provide these patches for you. Thanks to TuxCare extended lifecycle support, which includes full technical account management, you can now continue to use CentOS 6 right through to November 2024.

CentOS as most users knew it and used it has been discontinued. Yes, CentOS Stream is a viable replacement for some workloads, but for most others, there is no alternative to CentOS, other than either a paid RHEL subscription or switching to another Linux distribution.

CentOS 6 was replaced by CentOS 7, and later by CentOS 8. One problem with both replacements is the end-of-life dates – with CentOS 8 already end of life. The bigger problem is that there won’t be a CentOS 9, which means there’s no upgrade path: CentOS 8 is end of life, and there’s nothing to follow.

Red Hat says that CentOS Stream is the next logical step, but the reality is that CentOS Stream breaks 1:1 binary compatibility with RHEL. There just isn’t a matching CentOS Stream release for the fixed-release RHEL, and there won’t be a CentOS 9 to match RHEL 9. So, there’s no CentOS 6 replacement – but you could consider an alternative such as AlmaLinux or Oracle Linux.

Talk to a TuxCare Expert

Tell us your challenges and our experts will help you find the best approach to address them with the TuxCare product line.

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching