similar to: CVE-2019-0211 httpd24 / EL6

> Am 08.04.2019 um 17:49 schrieb Johnny Hughes <johnny at centos.org>: > > On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: >> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. >> >> Does the SIG has plans to update these rpms for EL6? >> >> [1] https://httpd.apache.org/security/vulnerabilities_24.html >> > >

On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: > It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. > > Does the SIG has plans to update these rpms for EL6? > > [1] https://httpd.apache.org/security/vulnerabilities_24.html > https://access.redhat.com/security/cve/cve-2019-0211 That says SCLs are affected .. BUT .. they do not yet have a plan. The

Hello everybody I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, but I do not see it as being available on the mirror.centos.org site. I see a git commit for this package in April and was wondering how long it takes an rpm to become available once the commit has been completed. Also, I don't see the following CVEs addressed in any httpd24 changelogs and wanted to know

Red Hat's Security policy for Production 3 Phase of the Life Cycle for EL5 is that they will only release "Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate." https://access.redhat.com/support/policy/updates/errata/#Production_3_Phase

Hi folks, On April 11th 2019 RedHat has responded to httpd: privilege escalation from modules scripts (CVE-2019-0211) mod_auth_mellon: authentication bypass in ECP flow (CVE-2019-3878) building a patched Apache http24 version for Software Collections - https://access.redhat.com/errata/RHSA-2019:0746 When can we expect this will be done for the SCL CentOS 7? Regards, Vesselin

Hello, Specifically this is in reference to RHSA-2017:2483, which should increment the httpd24 packages to 25-9 in the SCL. The SA was released on August 16th 2017, so it has some age to it, but there's no corresponding CESA on it and the SCL for 6 still sits at the previous, 25-8. Some links for reference: https://access.redhat.com/errata/RHSA-2017:2483 Online repo:

On 29/12/14 01:52, Always Learning wrote: > > On Thu, 2014-12-18 at 10:30 -0600, Les Mikesell wrote: > >> .............. The design changes are done in Fedora, by >> people who apparently never liked unix or consistency, not the people >> using Red Hat or CentOS that already have things working that they >> would like to keep working the same way across upgrades.

Hi is there a yum repository for httpd 2.3 or 2.4 for CentOS 6.X anywhere? Like remi for php/mysql? thanks Jobst -- f u cn rd ths, u cn gt a gd jb n cmptr prgmmng. [Anon] | |0| | Jobst Schmalenbach, jobst at barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia

I have been looking at the security advisories provided here: http://lists.centos.org/pipermail/centos-announce/ It appears that there is not a 1:1 correlation between advisories listed here and advisories listed by Red Hat: https://rhn.redhat.com/errata Is there a specific reason for this? Also, is there an alternate location to find all Errata information for CentOS? Joshua Bahnsen

Am 19.12.2017 um 18:44 schrieb Tyler Waldo: > Hello everybody > > I am looking to push out httpd24-httpd-2.4.25-9.el7 to my organization, but > I do not see it as being available on the mirror.centos.org site. I see a > git commit for this package in April and was wondering how long it takes an > rpm to become available once the commit has been completed.

Alexander, These are the only two CVEs from 2016 that I found contained in the RPM that you referenced. - add security fix for CVE-2016-5387 - mod_ssl: add security fix for CVE-2016-4979 -- Tyler Waldo Information Security Associate Threat and Vulnerability Management Mobile: (650) 410-0776 On Tue, Dec 19, 2017 at 10:39 AM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > Am

On 10/28/2017 03:57 PM, Eric wrote: > Hello, > > Specifically this is in reference to RHSA-2017:2483, which should increment > the httpd24 packages to 25-9 in the SCL. The SA was released on August > 16th 2017, so it has some age to it, but there's no corresponding CESA on > it and the SCL for 6 still sits at the previous, 25-8. > > Some links for reference: >

Hi Team I am planning to use mod_evasive to prevent dos attackS . I am using httpd24-httpd-2.4.34-7.el6.x86_64 (httpd software collections) on Centos 6.5 . Do we have mod_evasive rpm wrt to this httpd version ? Thanks and regards AKshar

Quick Q: while running my A.M. update today, I see several updates that I haven't seen announced yet. The one concerning me is glibc. I killed the update since it glibc is so central to a system. Is it safe to install? If so, I presume I'll want to update it first and then the rest of the system? TIA for any information. -- Bill

Pete Biggs wrote: > On Mon, 2017-12-11 at 15:44 -0600, Frank Cox wrote: >> On Mon, 11 Dec 2017 16:32:06 -0500 >> Larry Martell wrote: >> >> > Can I make that the default python? >> >> ~/.bashrc >> > No. I'm not entirely sure that is a good idea! No, not all. > > 'scl enable python27 bash' creates a *new* shell with the correct

I have recently built and packaged httpd-2.4.9 from source provided by apache.org together with apr-1.5.0 and apr-util-1.5.3. I removed mod_socache_dc from the httpd.spec file so that the complete build provides the following packages: apr-1.5.0-1.el6.x86_64.rpm apr-debuginfo-1.5.0-1.el6.x86_64.rpm apr-devel-1.5.0-1.el6.x86_64.rpm apr-util-1.5.3-1.el6.x86_64.rpm

Hi. I've found inconstancy between output of repoquery and rpm. I was looking forward towards apache php 5.4 module which must provided by some package SCL (can someone tell me?). rpm -qf /etc/httpd/modules/mod_proxy.so httpd-2.2.15-29.el6.centos.x86_64 repoquery -qf /etc/httpd/modules/mod_proxy.so so repoquery results in no output yum list installed httpd Loaded plugins: fastestmirror

Hi, I'm working on a RHSA tracking tool, named Sarah. It allows you to build a local RHSA database of different RHEL releases and then allows you to verify systems for compliance (and lists applicable RHSA and required packages). But before releasing my prototype, I would like to know what requirements people have. How they would be using such a tool and what for reports they need to

Hi! I have noticed, that our mirror has this package bash-3.2-33.el5_11.4.x86_64.rpm, but a lot of other mirror still have bash-3.2-33.el5_10.4.x86_64.rpm. Since bash-3.2-33.el5_11.4.x86_64.rpm was issued on 26-Sep-2014 04:28, could this be the product of slower mirror update cycles? Regards, Mitja -- -- Mitja Miheli? ARNES, Tehnolo?ki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386

Hi Everyone, I have a CentOS 7 box that's refusing a rpm update. I suspect it has something to do with SCL enabled. The 'yum update' output is shown below. I need to force this package to install. I don't give a damn about the log files. I need that server patched since it is forward facing. Taking the server offline is not an option. How do I force the package installation?