Centos 8 httpd updates

Support for security such as Firewalls and securing linux
User avatar
TrevorH
Forum Moderator
Posts: 30173
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Centos 8 httpd updates

Post by TrevorH » 2020/12/12 02:55:35

CentOS 6 died in November 2020 - migrate to a new version!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

Tiraflo
Posts: 4
Joined: 2020/12/08 16:51:05

Re: Centos 8 httpd updates

Post by Tiraflo » 2020/12/14 10:34:02

Thank you for the link.

Unfortunately, I'm not sure about the way I should interpret it and how it replies to my previous statements.

According to me, this should match my case:

Platform: Red Hat Enterprise Linux 8
Package: httpd:2.4
State: Fixed
Errata: RHSA-2020:4751
Release Date: November 4, 2020

Image

knowing that

CentOS version | RHEL base | Kernel | CentOS release date | RHEL release date | Delay (days)
8.3-2011 | 8.3 | 4.18.0-240 | 2020-12-07 | 2020-11-03 | 34

Image

but I probably misunderstand something.

After updating my system to Centos 8.3, the latest available httpd package is still 2.4.37 and the related changelog hasn't changed either.

User avatar
TrevorH
Forum Moderator
Posts: 30173
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Centos 8 httpd updates

Post by TrevorH » 2020/12/14 11:13:40

https://access.redhat.com/errata/RHSA-2020:4751 says it's fixed in 2.4.37-30 and that is the current version listed by dnf list httpd on CentOS 8.3.
CentOS 6 died in November 2020 - migrate to a new version!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

Tiraflo
Posts: 4
Joined: 2020/12/08 16:51:05

Re: Centos 8 httpd updates

Post by Tiraflo » 2020/12/15 11:53:36

Thank you for your feedback.

Indeed the listed package is 2.4.37-30.module_el8.3.0+561+97fdbbcc linked to source httpd-2.4.37-30.module_el8.3.0+561+97fdbbcc.src.rpm, which seems to correspond to the one mentioned in the errata (httpd-2.4.37-30.module+el8.3.0+7001+0766b9e7.src.rpm).

I couldn't find the meaning of the bold numbers (561 & 7001) but I assume it makes the distinction between Red Hat and CentOS.

I'm still puzzling over the following: is it then a mistake/a lack that CVE-2018-17189 is not mentioned in the changelog of version 2.4.37-30?

User avatar
jlehtone
Posts: 3262
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Centos 8 httpd updates

Post by jlehtone » 2020/12/15 15:36:24

Look at the

Code: Select all

mod_http2    1.15.7-2.module_el8.3.0+477+498bb568 

Tiraflo
Posts: 4
Joined: 2020/12/08 16:51:05

Re: Centos 8 httpd updates

Post by Tiraflo » 2020/12/16 14:57:18

Thanks for the hint.

Thank you to both of you for your insight and support.

Post Reply

Return to “CentOS 8 - Security Support”