Re: Fwd: httpd24 Package Question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Am 20.12.2017 um 00:40 schrieb Tyler Waldo:

Alexander,


These are the only two CVEs from 2016 that I found contained in the RPM
that you referenced.


- add security fix for CVE-2016-5387

- mod_ssl: add security fix for CVE-2016-4979




Tyler Waldo
Information Security Associate
Threat and Vulnerability Management
Mobile: (650) 410-0776


Tyler,
according to https://www-us.apache.org/dist//httpd/CHANGES_2.4 many of the CVEs you mentioned were fixed in 2.4.24. So 2.4.25 and 2.4.27 used by the SCL RPMs should cover them. 

Alexander
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux