[CentOS] Fwd: httpd24 Package Question

Wed Dec 20 05:44:43 UTC 2017
Alexander Dalloz <ad+lists at uni-x.org>

Am 20.12.2017 um 00:40 schrieb Tyler Waldo:
> Alexander,
> 
> 
> These are the only two CVEs from 2016 that I found contained in the RPM
> that you referenced.
> 
> 
> - add security fix for CVE-2016-5387
> 
> - mod_ssl: add security fix for CVE-2016-4979
> 

> Tyler Waldo
> Information Security Associate
> Threat and Vulnerability Management
> Mobile: (650) 410-0776

Tyler,

according to https://www-us.apache.org/dist//httpd/CHANGES_2.4 many of 
the CVEs you mentioned were fixed in 2.4.24. So 2.4.25 and 2.4.27 used 
by the SCL RPMs should cover them.

Alexander