Am 20.12.2017 um 00:40 schrieb Tyler Waldo: > Alexander, > > > These are the only two CVEs from 2016 that I found contained in the RPM > that you referenced. > > > - add security fix for CVE-2016-5387 > > - mod_ssl: add security fix for CVE-2016-4979 > > Tyler Waldo > Information Security Associate > Threat and Vulnerability Management > Mobile: (650) 410-0776 Tyler, according to https://www-us.apache.org/dist//httpd/CHANGES_2.4 many of the CVEs you mentioned were fixed in 2.4.24. So 2.4.25 and 2.4.27 used by the SCL RPMs should cover them. Alexander