On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote: > It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1]. > > Does the SIG has plans to update these rpms for EL6? > > [1] https://httpd.apache.org/security/vulnerabilities_24.html > https://access.redhat.com/security/cve/cve-2019-0211 That says SCLs are affected .. BUT .. they do not yet have a plan. The SIG should buidl whatever Red Hat releases for httpd24 .. if they release anything. Remember, EL6 is in Maintenance Support phase 2 (and has been for almost 24 months).. that means what is specified here for RHEL sources: https://access.redhat.com/support/policy/updates/errata Specifically: ""During the Maintenance Support 2 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available. Other errata advisories may be delivered as appropriate. New functionality and new hardware enablement are not planned for availability in the Maintenance Support 2 Phase. Minor releases with updated installation images may be made available in this Phase." So .. They may or may not release a security update after investigation. It is time to plan your move from EL6 to EL7 ...
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
