httpd24 software collections package updates
Posted: 2022/06/22 21:34:22
Hello,
I have a CentOS 7 machine with the httpd24-httpd-2.4.34-23.el7.1.x86_64 package installed from software collections. A scanner flagged the Apache server as being vulnerable. Redhat released a security advisory (RHSA-2022:1075 ) for their software collections. They provide an updated package
to address the issue: httpd24-httpd-2.4.34-23.el7.2.x86_64. When I check with yum, I do not see that newer httpd24 package available. Are the updates in software collections for CentOS machines handled differently? If they don't plan on releasing an update or there is no timetable for a fix, then I'd want to take steps to work around the vulnerability.
Thanks.
I have a CentOS 7 machine with the httpd24-httpd-2.4.34-23.el7.1.x86_64 package installed from software collections. A scanner flagged the Apache server as being vulnerable. Redhat released a security advisory (RHSA-2022:1075 ) for their software collections. They provide an updated package
to address the issue: httpd24-httpd-2.4.34-23.el7.2.x86_64. When I check with yum, I do not see that newer httpd24 package available. Are the updates in software collections for CentOS machines handled differently? If they don't plan on releasing an update or there is no timetable for a fix, then I'd want to take steps to work around the vulnerability.
Thanks.