Httpd24 Package Question
Hello everybody
I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, but I do not see it as being available on the mirror.CentOS.org site. I see a git commit for this package in April and was wondering how long it takes an rpm to become available once the commit has been completed.
Also, I don’t see the following CVEs addressed in any httpd24 changelogs and wanted to know if they were ever planning on being addressed in an httpd24 rpm?
– CVE-2016-0736
– CVE-2016-2161
– CVE-2016-8743
– CVE-2016-1546
– CVE-2016-8740
3 thoughts on - Httpd24 Package Question
Am 19.12.2017 um 18:44 schrieb Tyler Waldo:
http://mirror.CentOS.org/CentOS/7/sclo/x86_64/rh/httpd24/
https://www.softwarecollections.org/en/scls/rhscl/httpd24/
Latest version is http://mirror.CentOS.org/CentOS/7/sclo/x86_64/rh/httpd24/httpd24-httpd-2.4.27-8.el7.x86_64.rpm
I haven’t checked whether it has fixes for the named CVEs.
Alexander
Alexander,
These are the only two CVEs from 2016 that I found contained in the RPM
that you referenced.
– add security fix for CVE-2016-5387
– mod_ssl: add security fix for CVE-2016-4979
Am 20.12.2017 um 00:40 schrieb Tyler Waldo:
Tyler,
according to https://www-us.apache.org/dist//httpd/CHANGES_2.4 many of the CVEs you mentioned were fixed in 2.4.24. So 2.4.25 and 2.4.27 used by the SCL RPMs should cover them.
Alexander