Mitch Patenaude
2012-May-08 00:16 UTC
[CentOS] Equivalent RHEL package for CentOS httpd package?
I'm trying to find out if a particular RedHat patch has been ported to CentOS yet. In particular, this vulnerability: CVE-2011-3607 According to this: https://rhn.redhat.com/errata/RHSA-2012-0323.html it has been patched as of httpd-2.2.3-63.el5_8.1.x86_64.rpm Now, in the latest CentOS repository, I find httpd-2.2.3-63.el5.centos.1.x86_64.rpm Is this the same (or later) release? I suspect not, because the el5 !el5_8.1, but I'm not 100% sure I understand the mapping between the two sets of RPM names. Thanks, -- Mitch Patenaude mpatenaude at shutterfly.com
Johnny Hughes
2012-May-08 00:43 UTC
[CentOS] Equivalent RHEL package for CentOS httpd package?
On 05/07/2012 07:16 PM, Mitch Patenaude wrote:> I'm trying to find out if a particular RedHat patch has been ported to > CentOS yet. > > In particular, this vulnerability: CVE-2011-3607 > > According to this: https://rhn.redhat.com/errata/RHSA-2012-0323.html it > has been patched as of httpd-2.2.3-63.el5_8.1.x86_64.rpm > > Now, in the latest CentOS repository, I find > httpd-2.2.3-63.el5.centos.1.x86_64.rpm > > Is this the same (or later) release? I suspect not, because the el5 !> el5_8.1, but I'm not 100% sure I understand the mapping between the two > sets of RPM names.You suspect wrong :) We keep the dist tags the same for packages that we do not modify for branding ... so if that was an unmodified package, it would have a .el5_8 dist tag, just like upstream. BUT ... for packages that we modify ... we always use a ".el5.centos" dist tag unless forced to use something else for some reason. So, since httpd is a modified package, "httpd-2.2.3-63.el5.centos.1.x86_64.rpm" ="httpd-2.2.3-63.el5_8.1.x86_64.rpm" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 262 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20120507/dd6c7eb2/attachment.sig>
Peter Kjellström
2012-May-08 11:36 UTC
[CentOS] Equivalent RHEL package for CentOS httpd package?
On Tuesday 08 May 2012 00.16.15 Mitch Patenaude wrote:> I'm trying to find out if a particular RedHat patch has been ported to > CentOS yet. > > In particular, this vulnerability: CVE-2011-3607Johnny already explained the version naming I'm just adding a way to see if a certain pkg has a certain fix: $ yumdownloader httpd (yumdownloader is in the yum-utils pkg) $ rpm -qp --changelog httpd*.rpm | less (search for your CVE) /Peter -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: <http://lists.centos.org/pipermail/centos/attachments/20120508/3a9a059a/attachment.sig>