> Date: Tuesday, May 05, 2020 18:09:47 +0530
> From: Kushagra Bindal <bindal.kushagra@xxxxxxxxx>
>
> Hi Experts,
>
> I am new to HTTP Server. We are currently running on centos 7.7
> version and we are currently using
> httpd-2.4.6-90.el7.centos.x86_64 version.
>
> This version is having multiple vulnerabilities and thus we need to
> upgrade our system to latest available version i.e. 2.4.43. But I
> am not able to found any rpm file which I can use on my centos 7.7
> environment.
>
The current release of centos is 7.8, which includes
httpd-2.4.6-93.el7. The RH (and so centos) approach is to keep the
base release of a package as stable as possible over the life of the
RH release. To do this they backport security, bug fixes and
enhancements into the package base -- hence the "-93" on their
current httpd 2.4.6 package naming. They tend to be very good and
current on these updates, so I suspect (without going through all the
CVEs) that the announced security issues have been dealt with in the
current RH/centos -93 release. You can check any CVEs you have
specific concern about against their announcements and change logs.
There may be other, functional, reasons to move to 2.4.43, but I
don't think that open CVEs is likely one of them.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx