> Date: Tuesday, May 05, 2020 18:09:47 +0530 > From: Kushagra Bindal <bindal.kushagra@xxxxxxxxx> > > Hi Experts, > > I am new to HTTP Server. We are currently running on centos 7.7 > version and we are currently using > httpd-2.4.6-90.el7.centos.x86_64 version. > > This version is having multiple vulnerabilities and thus we need to > upgrade our system to latest available version i.e. 2.4.43. But I > am not able to found any rpm file which I can use on my centos 7.7 > environment. > The current release of centos is 7.8, which includes httpd-2.4.6-93.el7. The RH (and so centos) approach is to keep the base release of a package as stable as possible over the life of the RH release. To do this they backport security, bug fixes and enhancements into the package base -- hence the "-93" on their current httpd 2.4.6 package naming. They tend to be very good and current on these updates, so I suspect (without going through all the CVEs) that the announced security issues have been dealt with in the current RH/centos -93 release. You can check any CVEs you have specific concern about against their announcements and change logs. There may be other, functional, reasons to move to 2.4.43, but I don't think that open CVEs is likely one of them. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|