[CentOS] Apache httpd-2.2.15 updates

Wed Dec 14 19:30:53 UTC 2011
drsystems at globalcerts.net <drsystems at globalcerts.net>

Thank you.
> drsystems at globalcerts.net writes:
>> Hello,
>>
>> I am working on a CentOS Linux 2.6.32-71.el6.x86_64 system.
>> I noticed that the system came with httpd-2.2.15-6 installed.
>> After I run 'yum update' I get httpd-2.2.15-9.
>>
>> I did some research on the Internet, but can't find the following
>> information: are most of the security fixes that appear in httpd-2.2.21
>> applied to the update on httpd-2.2.15-9?
>>
>> There was a security fix just last August, the CVE-2011-3192 on Range
>> and
>> DoS. I don't imagine that this is in the 2.2.15-9. Do you have plans to
>> provide this patch in the repository so that 'yum update httpd*' would
>> get
>> this patch?
>
> $ cd $REPO
> $ rpm -qp --changelog httpd-2.2.15-9.el6.centos.3.x86_64.rpm
> * Fri Oct 21 2011 Karanbir Singh <kbsingh at centos.org> -
> 2.2.15-9.3.el6.centos
> - Roll in CentOS Branding
>
> * Thu Oct 06 2011 Joe Orton <jorton at redhat.com> - 2.2.15-9.3
> - add security fixes for CVE-2011-3347, CVE-2011-3368 (#743901)
> - fix regressions in CVE-2011-3192 patch (#736592)
>
> * Tue Aug 30 2011 Joe Orton <jorton at redhat.com> - 2.2.15-9.2,
> - updated patch for CVE-2011-3192 from upstream (#733062)
>
> * Fri Aug 26 2011 Jan Kaluza <jkaluza at redhat.com> - 2.2.15-9.1
> - fix #733062 -  backported CVE-2011-3192 fix from httpd trunk
>
> * Fri Apr 08 2011 Joe Orton <jorton at redhat.com> - 2.2.15-9
> - mod_ssl: complete fix for overlapping memcpy (#652335)
> ...
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>