similar to: CVE-2019-0211 httpd24 / EL6

Displaying 20 results from an estimated 1000 matches similar to: "CVE-2019-0211 httpd24 / EL6"

2019 Apr 08
1
CVE-2019-0211 httpd24 / EL6
> Am 08.04.2019 um 17:49 schrieb Johnny Hughes <johnny at centos.org>: > > On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: >> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. >> >> Does the SIG has plans to update these rpms for EL6? >> >> [1] https://httpd.apache.org/security/vulnerabilities_24.html >> > >
2019 Apr 08
0
CVE-2019-0211 httpd24 / EL6
On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: > It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. > > Does the SIG has plans to update these rpms for EL6? > > [1] https://httpd.apache.org/security/vulnerabilities_24.html > https://access.redhat.com/security/cve/cve-2019-0211 That says SCLs are affected .. BUT .. they do not yet have a plan. The
2017 Dec 19
2
Fwd: httpd24 Package Question
Hello everybody I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, but I do not see it as being available on the mirror.centos.org site. I see a git commit for this package in April and was wondering how long it takes an rpm to become available once the commit has been completed. Also, I don't see the following CVEs addressed in any httpd24 changelogs and wanted to know
2014 Nov 14
2
EL5 Security Policy for the final 3 years
Red Hat's Security policy for Production 3 Phase of the Life Cycle for EL5 is that they will only release "Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate." https://access.redhat.com/support/policy/updates/errata/#Production_3_Phase
2019 Apr 16
1
CVE-2019-0211 CentOS SCL httpd24 patches
Hi folks, On April 11th 2019 RedHat has responded to httpd: privilege escalation from modules scripts (CVE-2019-0211) mod_auth_mellon: authentication bypass in ECP flow (CVE-2019-3878) building a patched Apache http24 version for Software Collections - https://access.redhat.com/errata/RHSA-2019:0746 When can we expect this will be done for the SCL CentOS 7? Regards, Vesselin
2017 Oct 28
2
CentOS 6 SCL - httpd24 still being updated?
Hello, Specifically this is in reference to RHSA-2017:2483, which should increment the httpd24 packages to 25-9 in the SCL. The SA was released on August 16th 2017, so it has some age to it, but there's no corresponding CESA on it and the SCL for 6 still sits at the previous, 25-8. Some links for reference: https://access.redhat.com/errata/RHSA-2017:2483 Online repo:
2014 Dec 29
1
Design changes are done in Fedora
On 29/12/14 01:52, Always Learning wrote: > > On Thu, 2014-12-18 at 10:30 -0600, Les Mikesell wrote: > >> .............. The design changes are done in Fedora, by >> people who apparently never liked unix or consistency, not the people >> using Red Hat or CentOS that already have things working that they >> would like to keep working the same way across upgrades.
2015 Nov 23
2
httpd 2.3 or 2.4 repository for CentOS 6.X anywhere?
Hi is there a yum repository for httpd 2.3 or 2.4 for CentOS 6.X anywhere? Like remi for php/mysql? thanks Jobst -- f u cn rd ths, u cn gt a gd jb n cmptr prgmmng. [Anon] | |0| | Jobst Schmalenbach, jobst at barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia
2009 Jun 16
2
CentOS security advisories
I have been looking at the security advisories provided here: http://lists.centos.org/pipermail/centos-announce/ It appears that there is not a 1:1 correlation between advisories listed here and advisories listed by Red Hat: https://rhn.redhat.com/errata Is there a specific reason for this? Also, is there an alternate location to find all Errata information for CentOS? Joshua Bahnsen
2017 Dec 19
0
Fwd: httpd24 Package Question
Am 19.12.2017 um 18:44 schrieb Tyler Waldo: > Hello everybody > > I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, but > I do not see it as being available on the mirror.centos.org site. I see a > git commit for this package in April and was wondering how long it takes an > rpm to become available once the commit has been completed.
2017 Dec 19
1
Fwd: httpd24 Package Question
Alexander, These are the only two CVEs from 2016 that I found contained in the RPM that you referenced. - add security fix for CVE-2016-5387 - mod_ssl: add security fix for CVE-2016-4979 -- Tyler Waldo Information Security Associate Threat and Vulnerability Management Mobile: (650) 410-0776 On Tue, Dec 19, 2017 at 10:39 AM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > Am
2017 Oct 29
0
CentOS 6 SCL - httpd24 still being updated?
On 10/28/2017 03:57 PM, Eric wrote: > Hello, > > Specifically this is in reference to RHSA-2017:2483, which should increment > the httpd24 packages to 25-9 in the SCL. The SA was released on August > 16th 2017, so it has some age to it, but there's no corresponding CESA on > it and the SCL for 6 still sits at the previous, 25-8. > > Some links for reference: >
2019 Nov 11
0
Mod_evasive for HTTPD24 (Software collections)
Hi Team I am planning to use mod_evasive to prevent dos attackS . I am using httpd24-httpd-2.4.34-7.el6.x86_64 (httpd software collections) on Centos 6.5 . Do we have mod_evasive rpm wrt to this httpd version ? Thanks and regards AKshar
2009 Apr 24
3
CentOS 4.7 glibc update: not announced?
Quick Q: while running my A.M. update today, I see several updates that I haven't seen announced yet. The one concerning me is glibc. I killed the update since it glibc is so central to a system. Is it safe to install? If so, I presume I'll want to update it first and then the rest of the system? TIA for any information. -- Bill
2017 Dec 11
2
upgrading python
Pete Biggs wrote: > On Mon, 2017-12-11 at 15:44 -0600, Frank Cox wrote: >> On Mon, 11 Dec 2017 16:32:06 -0500 >> Larry Martell wrote: >> >> > Can I make that the default python? >> >> ~/.bashrc >> > No. I'm not entirely sure that is a good idea! No, not all. > > 'scl enable python27 bash' creates a *new* shell with the correct
2014 Apr 15
1
Contributing packages
I have recently built and packaged httpd-2.4.9 from source provided by apache.org together with apr-1.5.0 and apr-util-1.5.3. I removed mod_socache_dc from the httpd.spec file so that the complete build provides the following packages: apr-1.5.0-1.el6.x86_64.rpm apr-debuginfo-1.5.0-1.el6.x86_64.rpm apr-devel-1.5.0-1.el6.x86_64.rpm apr-util-1.5.3-1.el6.x86_64.rpm
2014 Sep 16
2
repoquery -f does not work well.
Hi. I've found inconstancy between output of repoquery and rpm. I was looking forward towards apache php 5.4 module which must provided by some package SCL (can someone tell me?). rpm -qf /etc/httpd/modules/mod_proxy.so httpd-2.2.15-29.el6.centos.x86_64 repoquery -qf /etc/httpd/modules/mod_proxy.so so repoquery results in no output yum list installed httpd Loaded plugins: fastestmirror
2005 Jun 24
3
Sarah: RHSA tracking tool
Hi, I'm working on a RHSA tracking tool, named Sarah. It allows you to build a local RHSA database of different RHEL releases and then allows you to verify systems for compliance (and lists applicable RHSA and required packages). But before releasing my prototype, I would like to know what requirements people have. How they would be using such a tool and what for reports they need to
2014 Sep 30
2
Bash package for CentOS5
Hi! I have noticed, that our mirror has this package bash-3.2-33.el5_11.4.x86_64.rpm, but a lot of other mirror still have bash-3.2-33.el5_10.4.x86_64.rpm. Since bash-3.2-33.el5_11.4.x86_64.rpm was issued on 26-Sep-2014 04:28, could this be the product of slower mirror update cycles? Regards, Mitja -- -- Mitja Miheli? ARNES, Tehnolo?ki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386
2020 Jul 01
1
Force package install using yum?
Hi Everyone, I have a CentOS 7 box that's refusing a rpm update. I suspect it has something to do with SCL enabled. The 'yum update' output is shown below. I need to force this package to install. I don't give a damn about the log files. I need that server patched since it is forward facing. Taking the server offline is not an option. How do I force the package installation?