[CentOS] CVE-2019-0211 httpd24 / EL6

Mon Apr 8 15:49:25 UTC 2019
Johnny Hughes <johnny at centos.org>

On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote:
> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1].
> Does the SIG has plans to update these rpms for EL6? 
> [1] https://httpd.apache.org/security/vulnerabilities_24.html


That says SCLs are affected .. BUT .. they do not yet have a plan.  The
SIG should buidl whatever Red Hat releases for httpd24 .. if they
release anything.  Remember, EL6 is in Maintenance Support phase 2 (and
has been for almost 24 months).. that means what is specified here for
RHEL sources:



""During the Maintenance Support 2 Phase, Critical impact Security
Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories
(RHBAs) may be released as they become available. Other errata
advisories may be delivered as appropriate.
New functionality and new hardware enablement are not planned for
availability in the Maintenance Support 2 Phase. Minor releases with
updated installation images may be made available in this Phase."

So .. They may or may not release a security update after investigation.
 It is time to plan your move from EL6 to EL7 ...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20190408/fd170ad4/attachment-0006.sig>