[CentOS] CVE-2019-0211 httpd24 / EL6
Leon Fauster
leonfauster at googlemail.com
Thu Apr 11 12:28:11 UTC 2019
> Am 08.04.2019 um 18:23 schrieb Leon Fauster <leonfauster at googlemail.com>:
>
>
>> Am 08.04.2019 um 17:49 schrieb Johnny Hughes <johnny at centos.org>:
>>
>> On 4/3/19 1:53 PM, Leon Fauster via CentOS wrote:
>>> It seems that httpd24-httpd from SCL is affected by CVE-2019-0211 [1].
>>>
>>> Does the SIG has plans to update these rpms for EL6?
>>>
>>> [1] https://httpd.apache.org/security/vulnerabilities_24.html
>>>
>>
>>
>> https://access.redhat.com/security/cve/cve-2019-0211
>>
>> That says SCLs are affected .. BUT .. they do not yet have a plan. The
>> SIG should buidl whatever Red Hat releases for httpd24 .. if they
>> release anything. Remember, EL6 is in Maintenance Support phase 2 (and
>> has been for almost 24 months).. that means what is specified here for
>> RHEL sources:
>>
>> https://access.redhat.com/support/policy/updates/errata
>>
>> Specifically:
>>
>> ""During the Maintenance Support 2 Phase, Critical impact Security
>> Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories
>> (RHBAs) may be released as they become available. Other errata
>> advisories may be delivered as appropriate.
>> New functionality and new hardware enablement are not planned for
>> availability in the Maintenance Support 2 Phase. Minor releases with
>> updated installation images may be made available in this Phase."
>>
>> So .. They may or may not release a security update after investigation.
>> It is time to plan your move from EL6 to EL7 ...
>
> Thanks for getting into this. Yep, its time to move on ... until this
> I will try to build a custom version.
Seems to be addressed: https://access.redhat.com/errata/RHSA-2019:0746
--
LF
More information about the CentOS
mailing list