[CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

Les Mikesell lesmikesell at gmail.com
Sun Mar 22 21:29:47 UTC 2009


Rainer Duffner wrote:
> On 22.03.2009 at 20:40, Rob Townley wrote:
> 
>> http://httpd.apache.org/security/vulnerabilities_20.html
>>
>> states that Apache 2.0.52 is 4 years old and the latest version is  
>> 2.0.68.
>> I am no longer a httpd expert, but at least one of the security fixes
>> involves XSS attacks via malformed ftp commands.  I also realize that
>> Red Hat / CentOS may patch things separately from Apache and that the
>> sysadmin has a great deal to do with how secure things are, but
>> almost 5 years?
>>
> 
> 
> 
> Download the src-RPM and make a checklist of which CVEs are fixed and
> which are not.
> (It's in a changelog file somewhere - I don't remember the details,
> it's been a while since I actually looked)
> 
> Then, return here.

Try:

rpm -q --changelog httpd |less
to see if it includes what you want to know before bothering with src rpms.

-- 
   Les Mikesell
    lesmikesell at gmail.com
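
The checklist discussed in this thread can be built straight from the changelog output. The following is an added example, not part of the original messages: the function names, the sample changelog and the CVE ids in it are constructed placeholders, not real identifiers.

```sh
#!/bin/sh
# Added example: build a CVE checklist from an RPM changelog.
# On a real system, feed it the installed package's changelog:
#   rpm -q --changelog httpd | cve_checklist CVE-... CVE-...

# cve_checklist ID... : reads changelog text on stdin, prints one line per id.
cve_checklist() {
    changelog=$(cat)
    for id in "$@"; do
        # -F matches the id literally; -w stops a short id from matching
        # inside a longer one (0001 inside 00012).
        if printf '%s\n' "$changelog" | grep -qwF -- "$id"; then
            printf '%s mentioned\n' "$id"
        else
            printf '%s not-mentioned\n' "$id"
        fi
    done
}

# list_cves : reads changelog text on stdin, prints each distinct CVE id it names.
list_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Constructed sample in the layout rpm prints; ids are placeholders.
sample_changelog() {
    cat <<'EOF'
* Fri Jan 02 2009 Example Packager <packager@example.invalid> 2.0.52-99
- add security fix for CVE-1900-0002 (mod_proxy_ftp)

* Tue Jan 01 2008 Example Packager <packager@example.invalid> 2.0.52-98
- add security fixes for CVE-1900-0001, CVE-1900-00012
EOF
}

# Demonstration on the constructed sample.
sample_changelog | cve_checklist CVE-1900-0001 CVE-1900-0003
```

A "not-mentioned" result only means the packager's changelog does not name that id; it may still be fixed under another entry or not apply to the packaged build.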