Hi Team,
I got alert for CVE-2021-41524 on apache running below Apache 2.4.49.
Currently I have httpd-2.4.6-97.el7.centos.x86_64 but I don't see any update available yet.
Am I safe with httpd-2.4.6-97.el7.centos.x86_64 ?
Thanks,
Apache CVE : CVE-2021-41524
Re: Apache CVE : CVE-2021-41524
My understanding is the vulnerabilities only affect versions 2.4.49 & 2.4.50. You should not be affected with 2.4.6.
https://www.cyber.gov.au/acsc/view-all- ... ttp-server
https://httpd.apache.org/security/vulne ... es_24.html
https://www.cyber.gov.au/acsc/view-all- ... ttp-server
https://httpd.apache.org/security/vulne ... es_24.html
Re: Apache CVE : CVE-2021-41524
The bug was introduced in 2.4.49 which was only released on Sept 16th 2021.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Apache CVE : CVE-2021-41524
https://access.redhat.com/security/cve/cve-2021-41524 says (about RHEL 7 and hence CL7): "Not affected"