Re: Apache HTTP Server Prior to 2.4.12 Multiple Vulnerabilities

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Jun 18, 2019 at 6:41 AM Richard <lists-apache@xxxxxxxxxxxxxxxxxxxxx> wrote:

> Date: Tuesday, June 18, 2019 05:38:50 +0000
> From: Satish Chhatpar 02 <ChhatpS02@xxxxxxxxxx>
>
> How to patch Apache 2.4.6 to latest release on RHEL 7.4?
>

RedHat backports patches to the base version, keeping the version
number stable within an OS release. I.e., RH-7 will maintain the
2.4.6 httpd version number. You need to look at the number after that
(currently 2.4.6-89) to see the incremental change numbering. You can
look up the CVEs against RH's change log and/or update announcements
for a package to see that an issue has been addressed. From what I
have seen, RH tends to have updated httpd packages out very quickly
following a vulnerability announcement.

By the way, RH-7 is currently at .6, which came out late last year. A
.4 system is missing about 18 months of updates.

Alternately, look at the RHSCL repos for httpd24, which offers a far more
modern version of httpd, of other server and proxy software, and commonly
used web content authoring languages;

https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.3_release_notes/sect-RHSCL-Features#tabl-RHSCL-Components


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux