I'm trying to find out if a particular RedHat patch has been ported to CentOS yet.
In particular, this vulnerability: CVE-2011-3607
According to this: https://rhn.redhat.com/errata/RHSA-2012-0323.html it has been patched as of httpd-2.2.3-63.el5_8.1.x86_64.rpm
Now, in the latest CentOS repository, I find httpd-2.2.3-63.el5.centos.1.x86_64.rpm
Is this the same (or later) release? I suspect not, because the el5 != el5_8.1, but I'm not 100% sure I understand the mapping between the two sets of RPM names.
Thanks, -- Mitch Patenaude mpatenaude@shutterfly.com
On 05/07/2012 07:16 PM, Mitch Patenaude wrote:
I'm trying to find out if a particular RedHat patch has been ported to CentOS yet.
In particular, this vulnerability: CVE-2011-3607
According to this: https://rhn.redhat.com/errata/RHSA-2012-0323.html it has been patched as of httpd-2.2.3-63.el5_8.1.x86_64.rpm
Now, in the latest CentOS repository, I find httpd-2.2.3-63.el5.centos.1.x86_64.rpm
Is this the same (or later) release? I suspect not, because the el5 != el5_8.1, but I'm not 100% sure I understand the mapping between the two sets of RPM names.
You suspect wrong :)
We keep the dist tags the same for packages that we do not modify for branding ... so if that was an unmodified package, it would have a .el5_8 dist tag, just like upstream.
BUT ... for packages that we modify ... we always use a ".el5.centos" dist tag unless forced to use something else for some reason.
So, since httpd is a modified package, "httpd-2.2.3-63.el5.centos.1.x86_64.rpm" == "httpd-2.2.3-63.el5_8.1.x86_64.rpm"
On Tuesday 08 May 2012 00.16.15 Mitch Patenaude wrote:
I'm trying to find out if a particular RedHat patch has been ported to CentOS yet.
In particular, this vulnerability: CVE-2011-3607
Johnny already explained the version naming I'm just adding a way to see if a certain pkg has a certain fix:
$ yumdownloader httpd (yumdownloader is in the yum-utils pkg) $ rpm -qp --changelog httpd*.rpm | less (search for your CVE)
/Peter
-
Johnny Hughes -
Mitch Patenaude -
Peter Kjellström