httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Ehrlich <...@ehrlichserver.com.INVALID>
Subject Re: [users@httpd] Re: CVE-2019-0211/0215/0217
Date Sun, 07 Apr 2019 07:36:23 GMT
I’ve seen a few CVEs now that are low level but pretty much effect every version from 2.4.30ish
and back. 

The default Apache versions in the Debian and Ubuntu repos are 2.4.25 and 2.4.29 respectively.

QUESTIONS:
1. Anyway to move the versions up (assuming I didn’t miss something) ?
2. Happy to help / take on task if someone can point me in the right direction 


> On Apr 6, 2019, at 11:14 PM, Sunhux G <sunhux@gmail.com> wrote:
> 
> Also, 
> can we safely say CVE-2019-0217 & CVE-2019-0215 affects "2.4.17 through 2.4.38 with
MPM event, worker or prefork" only (just like CVE-2019-0211)?
> 
> How do I check if we have "MPM event, worker or prefork" in our Apache?
> 
> 
>> On Sat, Apr 6, 2019 at 10:59 PM Sunhux G <sunhux@gmail.com> wrote:
>> 
>> Are above CVEs affecting Apache httpd (ie web servers) 2.4.x  only 
>> & other lower versions (eg: our Solaris 10's  Apache/2.0.63) are not
>> affected?
>> 
>> Can point me to where to get the patches for RHEL7/RHEL6
>> in Red Hat support portal or anywhere else that's reliable??
>> 
>> Sun

Mime
View raw message