Apache HTTPServer 2.4.41 support

Issues related to applications and software problems
Post Reply
Kushagra
Posts: 4
Joined: 2019/12/19 05:16:08

Apache HTTPServer 2.4.41 support

Post by Kushagra » 2019/12/19 05:26:05

Hi,

We are using centos 7.7 in our enterprise application. We are currently using older version of apache httpserver. Due to vulnerability we have to upgrade this to latest version available i.e. 2.4.41.
https://httpd.apache.org/download.cgi#apache24

But I found that rpm file for the same is currently not available. Can somebody please help in getting the rpm of above mentioned httpserver version.

It will be a great help!!!

Regards
Kushagra

User avatar
TrevorH
Forum Moderator
Posts: 27358
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Apache HTTPServer 2.4.41 support

Post by TrevorH » 2019/12/19 07:38:46

You misunderstand how Enterprise Linux works. Please see https://access.redhat.com/security/updates/backporting for an explanation of how Red Hat backport individual security updates to the versions of the packages in RHEL/CentOS. Read the rpm changelog with rpm -q --changelog httpd | less
CentOS 6 will die in November 2020 - migrate sooner rather than later!
CentOS 5 has been EOL for nearly 3 years and should no longer be used for anything!
Full time Geek, part time moderator. Use the FAQ Luke

User avatar
KernelOops
Posts: 173
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: Apache HTTPServer 2.4.41 support

Post by KernelOops » 2019/12/19 18:40:52

CentOS packages will not be upgraded to "latest versions", its under long term support and packages like apache will receive regular backported fixes.

What vulnerability are you talking about?
--
I love my computer - all my friends live there.
--

Kushagra
Posts: 4
Joined: 2019/12/19 05:16:08

Re: Apache HTTPServer 2.4.41 support

Post by Kushagra » 2019/12/23 06:32:20

Hi,

We are currently on 2.4.6 version of HTTPServer and it is have below vulnerabilities.
https://www.cvedetails.com/vulnerabilit ... 2.4.6.html

On centos support I have checked and found that we have 2.4.39 version rpm available, but that too is vulnerable.

https://www.cvedetails.com/vulnerabilit ... .4.39.html

Please help me in understanding the possible solution around the same.

Regards
Kushagra

User avatar
KernelOops
Posts: 173
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: Apache HTTPServer 2.4.41 support

Post by KernelOops » 2019/12/23 09:01:54

Yes there are vulnerabilities in various versions, but that does not mean that the published packages are vulnerable, since they get regular backported fixes. You have nothing to worry about as long as your CentOS version is still within its update lifetime.
--
I love my computer - all my friends live there.
--

User avatar
jlehtone
Posts: 2478
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Apache HTTPServer 2.4.41 support

Post by jlehtone » 2019/12/23 09:50:49

Kushagra wrote:
2019/12/23 06:32:20
We are currently on 2.4.6 version of HTTPServer and it is have below vulnerabilities.
No.

Apache 2.4.6 was released 2013-07-22 and succeeded by 2.4.7 in 2013-11-26.
That 2.4.6 has the vulnerabilities that you list. You don't have that 2.4.6.

RHEL 7 was released 2014-06-10 and had httpd-2.4.6-17.el7. That was something that
had been forked from original Apache 2.4.6.

Red Hat has continued to maintain their fork and backport security fixes to it.
The current httpd-2.4.6-90.el7 in CentOS 7 is not the vanilla 2.4.6 from 2013.

Kushagra
Posts: 4
Joined: 2019/12/19 05:16:08

Re: Apache HTTPServer 2.4.41 support

Post by Kushagra » 2019/12/23 13:48:40

Thanks both for your response. I executed the command "rpm -q --changelog httpd | less" in my environment and come to know that we are using httpserver version "2.4.6-90.el7.centos".

Now, it shows that centos has clear all the vulnerabilities till 2.4.38 through backporting.

So, do we have any plan for the vulnerabilities specifically present in 2.4.39 version. :)

Regards
Kushagra

User avatar
jlehtone
Posts: 2478
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Apache HTTPServer 2.4.41 support

Post by jlehtone » 2019/12/23 16:50:32


Kushagra
Posts: 4
Joined: 2019/12/19 05:16:08

Re: Apache HTTPServer 2.4.41 support

Post by Kushagra » 2019/12/24 01:24:32

Thanks for your response, it was really helpful.

So, by any chance does Red hat provides any timeline around the same, as I am not able to see any timelines.

On the other side, I have seen that Fedora has released the rpm for httpd-2.4.41.
https://rpmfind.net/linux/rpm2html/sear ... uery=httpd

So, when centos is planning to release the rpm for this version.

Regards
Kushagra

Post Reply

Return to “CentOS 7 - Software Support”