Reconciling security advisories
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
If a vulnerability is listed on the 2.4
page (https://httpd.apache.org/security/vulnerabilities_24.html)
- let's pick on CVE-2014-0226 for mod_status and it is listed as affecting
2.4.9 down to 2.4.1, would 2.2.x also be vulnerable? It is not specifically
listed on the 2.2 vulnerability page (https://httpd.apache.org/security/vulnerabilities_22.html).
To add to any confusion, we are using
the RHEL 6 RPM install of httpd, which is based on 2.2.15 with fixes added.
So they have a versioning scheme of 2.2.15-## (currently 30). A new update
was released stating that CVE-2014-0226 is corrected.
Did Red Hat re-engineer the 2.4 fix
for 2.2?
Thank you for any input anyone may have.
Mike Beadle
Engineer - Collaborative Systems,
Information Technology • Securian Financial Group
400 Robert Street North •
St. Paul, MN 55101-2098
651-665-7620
michael.beadle@xxxxxxxxxxxx
• www.securian.com
Securian Financial Group –
Financial security for the long run ®
This email transmission and
any file attachments may contain confidential information intended solely
for the use of the individual or entity to whom it is addressed. If you
have received this email message in error, please notify the sender and
delete this email from your system. If you are not the intended recipient,
you may not disclose, copy, or distribute the contents of this email.
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
