similar to: Fwd: httpd24 Package Question

Alexander, These are the only two CVEs from 2016 that I found contained in the RPM that you referenced. - add security fix for CVE-2016-5387 - mod_ssl: add security fix for CVE-2016-4979 -- Tyler Waldo Information Security Associate Threat and Vulnerability Management Mobile: (650) 410-0776 On Tue, Dec 19, 2017 at 10:39 AM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > Am

Hello, Specifically this is in reference to RHSA-2017:2483, which should increment the httpd24 packages to 25-9 in the SCL. The SA was released on August 16th 2017, so it has some age to it, but there's no corresponding CESA on it and the SCL for 6 still sits at the previous, 25-8. Some links for reference: https://access.redhat.com/errata/RHSA-2017:2483 Online repo:

Am 19.12.2017 um 18:44 schrieb Tyler Waldo: > Hello everybody > > I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, but > I do not see it as being available on the mirror.centos.org site. I see a > git commit for this package in April and was wondering how long it takes an > rpm to become available once the commit has been completed.

It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. Does the SIG has plans to update these rpms for EL6? [1] https://httpd.apache.org/security/vulnerabilities_24.html -- Thanks, LF

> Am 08.04.2019 um 17:49 schrieb Johnny Hughes <johnny at centos.org>: > > On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: >> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. >> >> Does the SIG has plans to update these rpms for EL6? >> >> [1] https://httpd.apache.org/security/vulnerabilities_24.html >> > >

On 10/28/2017 03:57 PM, Eric wrote: > Hello, > > Specifically this is in reference to RHSA-2017:2483, which should increment > the httpd24 packages to 25-9 in the SCL. The SA was released on August > 16th 2017, so it has some age to it, but there's no corresponding CESA on > it and the SCL for 6 still sits at the previous, 25-8. > > Some links for reference: >

Hi is there a yum repository for httpd 2.3 or 2.4 for CentOS 6.X anywhere? Like remi for php/mysql? thanks Jobst -- f u cn rd ths, u cn gt a gd jb n cmptr prgmmng. [Anon] | |0| | Jobst Schmalenbach, jobst at barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia

On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: > It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. > > Does the SIG has plans to update these rpms for EL6? > > [1] https://httpd.apache.org/security/vulnerabilities_24.html > https://access.redhat.com/security/cve/cve-2019-0211 That says SCLs are affected .. BUT .. they do not yet have a plan. The

Hi Everyone, I have a CentOS 7 box that's refusing a rpm update. I suspect it has something to do with SCL enabled. The 'yum update' output is shown below. I need to force this package to install. I don't give a damn about the log files. I need that server patched since it is forward facing. Taking the server offline is not an option. How do I force the package installation?

Hi Team I am planning to use mod_evasive to prevent dos attackS . I am using httpd24-httpd-2.4.34-7.el6.x86_64 (httpd software collections) on Centos 6.5 . Do we have mod_evasive rpm wrt to this httpd version ? Thanks and regards AKshar

I have recently built and packaged httpd-2.4.9 from source provided by apache.org together with apr-1.5.0 and apr-util-1.5.3. I removed mod_socache_dc from the httpd.spec file so that the complete build provides the following packages: apr-1.5.0-1.el6.x86_64.rpm apr-debuginfo-1.5.0-1.el6.x86_64.rpm apr-devel-1.5.0-1.el6.x86_64.rpm apr-util-1.5.3-1.el6.x86_64.rpm

Hello, My server with CentOS 6.8 just failed PCI scan, so I'm looking into vulnerable packages. PHP 5.3.3 have multiple vulnerabilities, some of them are fixed/patched or have some kind of workaround. But I can't find a way to fix this one. Red Hat state: under investigation. https://access.redhat.com/security/cve/cve-2016-4073 This CVE is 6 months old, and it doesn't look like it

Hi folks, On April 11th 2019 RedHat has responded to httpd: privilege escalation from modules scripts (CVE-2019-0211) mod_auth_mellon: authentication bypass in ECP flow (CVE-2019-3878) building a patched Apache http24 version for Software Collections - https://access.redhat.com/errata/RHSA-2019:0746 When can we expect this will be done for the SCL CentOS 7? Regards, Vesselin

Pete Biggs wrote: > On Mon, 2017-12-11 at 15:44 -0600, Frank Cox wrote: >> On Mon, 11 Dec 2017 16:32:06 -0500 >> Larry Martell wrote: >> >> > Can I make that the default python? >> >> ~/.bashrc >> > No. I'm not entirely sure that is a good idea! No, not all. > > 'scl enable python27 bash' creates a *new* shell with the correct

Hi Centos Team, It seems this is partially resolved. The issue now is that rh-git29-runtime cannot be found by yum but the package itself is in the repo directory: http://mirrors.usc.edu/pub/linux/distributions/centos/7/sclo/x86_64/rh/rh-git29/rh-git29-runtime-2.3-4.el7.x86_64.rpm [root at ldas-pcdev4 ~]# yum install rh-git29-git Loaded plugins: auto-update-debuginfo, langpacks, priorities

I am pleased to announce the immediate availability of version 2.4 of the Apache HTTP Server on CentOS Linux 6 x86_64, delivered via a Software Collection (SCL) built by the SCLo Special Interest Group (https://wiki.centos.org/SpecialInterestGroup/SCLo). QuickStart ---------- You can get started in three easy steps: $ sudo yum install centos-release-scl $ sudo yum install httpd24-httpd

I am pleased to announce the immediate availability of version 2.4 of the Apache HTTP Server on CentOS Linux 7 x86_64, delivered via a Software Collection (SCL) built by the SCLo Special Interest Group (https://wiki.centos.org/SpecialInterestGroup/SCLo). QuickStart ---------- You can get started in three easy steps: $ sudo yum install centos-release-scl $ sudo yum install httpd24-httpd $ scl

Hello, New subscriber here. I noticed that the FTS index is not used in compound searches. Is this expected? Tested in 2.0.0 and 2.0.8: . search BODY "waldo" * SEARCH . OK Search completed (0.000 secs). . SEARCH CHARSET UTF-8 OR SUBJECT "waldo" FROM "waldo" * SEARCH . OK Search completed (1.768 secs). . SEARCH CHARSET UTF-8 OR SUBJECT "waldo" BODY

On 12 September 2017 at 15:29, Alan McKay <alan.mckay at gmail.com> wrote: > Hi folks, > > I have been googling for a few weeks now and not finding anything. > Apache 2.2 is EOL at the end of this year. > > Has Red Hat announced a plan yet on what they are doing in RHEL6? > > I am assuming they will up-version from 6.9 to 6.10 and as part of > that upgrade from

Can anyone recommend a company that does professional Asterisk recordings for things like IVR, greetings, MOH, announcements, etc? Thanks, Waldo