httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: [users@httpd] Apache HTTP Server Prior to 2.4.12 Multiple Vulnerabilities
Date Tue, 18 Jun 2019 13:49:02 GMT
On Tue, Jun 18, 2019 at 6:41 AM Richard <lists-apache@listmail.innovate.net>
wrote:

>
> > Date: Tuesday, June 18, 2019 05:38:50 +0000
> > From: Satish Chhatpar 02 <ChhatpS02@cpwplc.com>
> >
> > How to patch Apache 2.4.6 to latest release on RHEL 7.4?
> >
>
> RedHat backports patches to the base version, keeping the version
> number stable within an OS release. I.e., RH-7 will maintain the
> 2.4.6 httpd version number. You need to look at the number after that
> (currently 2.4.6-89) to see the incremental change numbering. You can
> look up the CVEs against RH's change log and/or update announcements
> for a package to see that an issue has been addressed. From what I
> have seen, RH tends to have updated httpd packages out very quickly
> following a vulnerability announcement.
>
> By the way, RH-7 is currently at .6, which came out late last year. A
> .4 system is missing about 18 months of updates.
>

Alternately, look at the RHSCL repos for httpd24, which offers a far more
modern version of httpd, of other server and proxy software, and commonly
used web content authoring languages;

https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.3_release_notes/sect-RHSCL-Features#tabl-RHSCL-Components

Mime
View raw message