[CentOS] CVE-2019-0211 httpd24 / EL6
Leon Fauster
leonfauster at googlemail.com
Mon Apr 8 16:23:45 UTC 2019
> Am 08.04.2019 um 17:49 schrieb Johnny Hughes <johnny at centos.org>:
>
> On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote:
>> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1].
>>
>> Does the SIG has plans to update these rpms for EL6?
>>
>> [1] https://httpd.apache.org/security/vulnerabilities_24.html
>>
>
>
> https://access.redhat.com/security/cve/cve-2019-0211
>
> That says SCLs are affected .. BUT .. they do not yet have a plan. The
> SIG should buidl whatever Red Hat releases for httpd24 .. if they
> release anything. Remember, EL6 is in Maintenance Support phase 2 (and
> has been for almost 24 months).. that means what is specified here for
> RHEL sources:
>
> https://access.redhat.com/support/policy/updates/errata
>
> Specifically:
>
> ""During the Maintenance Support 2 Phase, Critical impact Security
> Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories
> (RHBAs) may be released as they become available. Other errata
> advisories may be delivered as appropriate.
> New functionality and new hardware enablement are not planned for
> availability in the Maintenance Support 2 Phase. Minor releases with
> updated installation images may be made available in this Phase."
>
> So .. They may or may not release a security update after investigation.
> It is time to plan your move from EL6 to EL7 ...
Thanks for getting into this. Yep, its time to move on ... until this
I will try to build a custom version.
--
LF
More information about the CentOS
mailing list