[CentOS] Fwd: httpd24 Package Question
Alexander Dalloz
ad+lists at uni-x.org
Wed Dec 20 05:44:43 UTC 2017
Am 20.12.2017 um 00:40 schrieb Tyler Waldo:
> Alexander,
>
>
> These are the only two CVEs from 2016 that I found contained in the RPM
> that you referenced.
>
>
> - add security fix for CVE-2016-5387
>
> - mod_ssl: add security fix for CVE-2016-4979
>
> Tyler Waldo
> Information Security Associate
> Threat and Vulnerability Management
> Mobile: (650) 410-0776
Tyler,
according to https://www-us.apache.org/dist//httpd/CHANGES_2.4 many of
the CVEs you mentioned were fixed in 2.4.24. So 2.4.25 and 2.4.27 used
by the SCL RPMs should cover them.
Alexander
More information about the CentOS
mailing list