[CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old
Rainer Duffner
rainer at ultra-secure.de
Sun Mar 22 20:13:10 UTC 2009
On 22.03.2009 at 20:40, Rob Townley wrote:
> http://httpd.apache.org/security/vulnerabilities_20.html
>
> states that Apache 2.0.52 is 4 years old and the latest version is
> 2.0.68.
> I am no longer an httpd expert, but at least one of the security fixes
> involves XSS attacks via malformed ftp commands. I also realize that
> Red Hat / CentOS may patch things separately from Apache and that the
> sysadmin has a great deal to do with how secure things are, but
> almost 5 years?
>
Download the src-RPM and make a checklist of which CVEs are fixed and
which are not.
(It's in a changelog file somewhere - I don't remember the details,
it's been a while since I actually looked)
Then, return here.
Best Regards,
Rainer
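
One way to build the checklist described above, as an added example that is not part of the original message: extract the CVE IDs from the package changelog and mark each ID of interest as found or not found. The changelog text and the CVE-2099-* IDs are constructed placeholders; a "NOT-FOUND" result only means the ID is not mentioned in the changelog and still needs manual review.

```shell
#!/bin/sh
# Build a fixed / not-found checklist of CVE IDs from an RPM changelog.
# On a real system the changelog text comes from:
#   rpm -q --changelog httpd              (installed package)
#   rpm -qp --changelog <file>.src.rpm    (downloaded source RPM)

# cve_checklist CHANGELOG_FILE CVE...
# Prints "FIXED <id>" when the ID appears in the changelog, otherwise
# "NOT-FOUND <id>".
cve_checklist() {
    changelog=$1
    shift
    # Unique CVE IDs mentioned anywhere in the changelog.
    mentioned=$(grep -Eo 'CVE-[0-9]{4}-[0-9]{4,}' "$changelog" | sort -u)
    for cve in "$@"; do
        # -x: whole-line match, so CVE-2099-0001 does not match CVE-2099-00011
        if printf '%s\n' "$mentioned" | grep -qxF -- "$cve"; then
            echo "FIXED $cve"
        else
            echo "NOT-FOUND $cve"
        fi
    done
}

# Constructed sample changelog (placeholder IDs, names and versions).
sample_changelog() {
    cat <<'EOF'
* Thu Jan 01 2099 Example Packager <packager@example.invalid> 2.0.52-99
- add security fix for CVE-2099-0001 (mod_example)
- add security fixes for CVE-2099-0002, CVE-2099-0003

* Mon Dec 01 2098 Example Packager <packager@example.invalid> 2.0.52-98
- fix init script typo
EOF
}

demo() {
    tmp=$(mktemp)
    sample_changelog > "$tmp"
    # The IDs to check would be taken from the upstream vulnerabilities page.
    cve_checklist "$tmp" CVE-2099-0001 CVE-2099-0003 CVE-2099-0004
    rm -f "$tmp"
}

demo
```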