Re: Re: CVE-2019-0211/0215/0217

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I’ve seen a few CVEs now that are low level but pretty much effect every version from 2.4.30ish and back. 

The default Apache versions in the Debian and Ubuntu repos are 2.4.25 and 2.4.29 respectively.

QUESTIONS:
1. Anyway to move the versions up (assuming I didn’t miss something) ?
2. Happy to help / take on task if someone can point me in the right direction 


On Apr 6, 2019, at 11:14 PM, Sunhux G <sunhux@xxxxxxxxx> wrote:

Also,
can we safely say CVE-2019-0217 & CVE-2019-0215 affects "2.4.17 through 2.4.38 with MPM event, worker or prefork" only (just like CVE-2019-0211)?

How do I check if we have "MPM event, worker or prefork" in our Apache?


On Sat, Apr 6, 2019 at 10:59 PM Sunhux G <sunhux@xxxxxxxxx> wrote:

Are above CVEs affecting Apache httpd (ie web servers) 2.4.x  only
& other lower versions (eg: our Solaris 10's  Apache/2.0.63) are not
affected?

Can point me to where to get the patches for RHEL7/RHEL6
in Red Hat support portal or anywhere else that's reliable??

Sun
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux