[CentOS] CVE-2019-0211 httpd24 / EL6
Johnny Hughes
johnny at centos.org
Mon Apr 8 15:49:25 UTC 2019
On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote:
> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1].
>
> Does the SIG has plans to update these rpms for EL6?
>
> [1] https://httpd.apache.org/security/vulnerabilities_24.html
>
https://access.redhat.com/security/cve/cve-2019-0211
That says SCLs are affected .. BUT .. they do not yet have a plan. The
SIG should buidl whatever Red Hat releases for httpd24 .. if they
release anything. Remember, EL6 is in Maintenance Support phase 2 (and
has been for almost 24 months).. that means what is specified here for
RHEL sources:
https://access.redhat.com/support/policy/updates/errata
Specifically:
""During the Maintenance Support 2 Phase, Critical impact Security
Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories
(RHBAs) may be released as they become available. Other errata
advisories may be delivered as appropriate.
New functionality and new hardware enablement are not planned for
availability in the Maintenance Support 2 Phase. Minor releases with
updated installation images may be made available in this Phase."
So .. They may or may not release a security update after investigation.
It is time to plan your move from EL6 to EL7 ...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20190408/fd170ad4/attachment.sig>
More information about the CentOS
mailing list