On Sun, Mar 22, 2009 at 3:29 PM, Les Mikesell lesmikesell@gmail.com wrote:
Rainer Duffner wrote:
On 22.03.2009 at 20:40, Rob Townley wrote:
http://httpd.apache.org/security/vulnerabilities_20.html
states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68. I am no longer an httpd expert, but at least one of the security fixes involves XSS attacks via malformed FTP commands. I also realize that Red Hat / CentOS may patch things separately from Apache and that the sysadmin has a great deal to do with how secure things are, but almost 5 years?
Download the src RPM and make a checklist of which CVEs are fixed and which are not. (It's in a changelog file somewhere - I don't remember the details, it's been a while since I actually looked)
Then, return here.
Try:
    rpm -q --changelog httpd | less
to see if it includes what you want to know before bothering with src rpms.
Thank you Les, that is awesome info.
-- Les Mikesell lesmikesell@gmail.com
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
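The checklist approach discussed in this thread can be scripted. The following is an added example, not code from any poster in the thread: it reads changelog text on stdin and reports which ids from a checklist are mentioned. The function names, the sample changelog and the CVE ids are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare a CVE checklist against an RPM changelog.
# Reads changelog text on stdin, so on a real host it can be fed by:
#   rpm -q --changelog httpd | cve_audit <id> <id> ...

# extract_cves: print every distinct CVE id mentioned on stdin, one per line.
# Older changelog entries use the pre-2005 candidate prefix "CAN-", so both
# spellings are accepted and normalised to "CVE-".
extract_cves() {
    grep -oE '(CVE|CAN)-[0-9]{4}-[0-9]{4,}' | sed 's/^CAN-/CVE-/' | sort -u
}

# cve_audit ID...: for each id on the checklist print "FIXED" or "MISSING",
# depending on whether the changelog on stdin mentions it.
# Returns 1 if any id is missing, so it can gate a script.
cve_audit() {
    found=$(extract_cves)
    rc=0
    for id in "$@"; do
        if printf '%s\n' "$found" | grep -qxF "$id"; then
            echo "FIXED   $id"
        else
            echo "MISSING $id"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample changelog (not real httpd entries; ids are placeholders).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.com> - 2.0.52-99
- add security fix for CVE-0000-1111 (#000001)
- mod_example: fix for CAN-0000-2222

* Sun Dec 31 2000 Example Packager <packager@example.com> - 2.0.52-98
- add security fix for CVE-0000-1111 (rework)
EOF
}

# Demo on the sample. Exit status 1 only signals a missing id, hence "|| true".
sample_changelog | cve_audit CVE-0000-1111 CVE-0000-2222 CVE-0000-3333 || true
```

MISSING only means the changelog does not mention the id; the package may simply be unaffected, so check those ids against the vendor's advisory before drawing conclusions.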