CVE-2022-22720
Dear team,
RH just released a corrected package for httpd on RH7 ( https://access.redhat.com/errata/RHSA-2022:1045 ), could you please confirm that it's going to be in your pipe for recompilation and will be distributed on your security repository?
Many thanks for your support.
Regards,
Thelvaen
Re: CVE-2022-22720
CentOS 7 is supported until the EOL of RHEL 7 in 2024. Anything released for RHEL will be rebuilt for CentOS. The package you mention is in the build queue.
CentOS 8 died a premature death at the end of 2021 - migrate to Rocky/Alma/OEL/Springdale ASAP.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke
Re: CVE-2022-22720
Many thanks for your feedback.
Regards,
Thelvaen
Re: CVE-2022-22720
Hi
Does anyone know if this vulnerability has been fixed in this httpd version v2.4.6-97?
Re: CVE-2022-22720
It's fixed in httpd-2.4.6-97.el7.centos.5.x86_64. The .centos.5 is important.
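An added example, not part of any post in this thread: a check of why the `.centos.5` suffix matters, using a simplified reimplementation of RPM's segment-wise release ordering to compare the output of `rpm -q httpd` against the fixed build named above. Assumptions: epoch is ignored, `~` and `^` are not handled, the helper names are hypothetical, and all sample strings except the fixed build are constructed.

```python
import re

# Fixed build as quoted in the thread (CentOS 7, x86_64).
FIXED_VERSION, FIXED_RELEASE = "2.4.6", "97.el7.centos.5"

def rpmvercmp(a, b):
    """Segment-wise RPM ordering; returns -1, 0 or 1. '~' and '^' are not handled."""
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment outranks alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def split_nvra(nvra):
    """Split 'name-version-release.arch' as printed by `rpm -q`."""
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def has_fix(nvra):
    """True if an el7 httpd build is at or above the fixed build from the thread."""
    _, version, release, _ = split_nvra(nvra)
    if ".el7" not in release:
        # Backported fixes are only comparable within the same distro stream.
        raise ValueError("not an el7 build: " + nvra)
    cmp = rpmvercmp(version, FIXED_VERSION)
    if cmp == 0:
        cmp = rpmvercmp(release, FIXED_RELEASE)
    return cmp >= 0

# Constructed sample strings; only the last one appears in the thread.
SAMPLES = [
    "httpd-2.4.6-97.el7.centos.x86_64",
    "httpd-2.4.6-97.el7.centos.4.x86_64",
    "httpd-2.4.6-97.el7.centos.5.x86_64",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", "fixed" if has_fix(s) else "NOT fixed")
```

A bare "2.4.6-97" is ambiguous because every sample above shares it; only the trailing release segments separate a build with the backported fix from one without.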
Re: CVE-2022-22720
Any idea when the new CentOS build with this httpd update would be available?
Re: CVE-2022-22720
About 4 months ago.
Re: CVE-2022-22720
Is there a guide to patching the 2.4.37 version or any ways to fix the issue on CentOS Linux release 8.3.2011?
Re: CVE-2022-22720
CentOS Linux 8 is dead. You need to move to something supported. Pick one of the alternative RHEL rebuilds listed in my sig below and use one of them. They all have scripts to convert from CentOS Linux to themselves so use one of those. Or if you don't value stability, use Stream.
CentOS 8 died a premature death at the end of 2021 - migrate to Rocky/Alma/OEL/Springdale ASAP.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke
Re: CVE-2022-22720
Furthermore, while CentOS Linux 8 died completely on 2021-12-31, CentOS Linux 8.3-2011 had already died on 2021-05-18, when 8.4-2105 was released.
If you have not installed available updates since 8.4 was released, then you have at least 15 months' worth of vulnerabilities.
If you simply installed 8.3 and have never installed any updates, then you have up to 21 months' worth of vulnerabilities.
In both CentOS Linux and the alternative RHEL rebuilds, one simply has to run "dnf up" regularly.
The rebuilds (that are alive) are currently at "8.6". When they release "8.7" after RHEL 8.7 has been released,
"dnf up" will make your system have 8.7 content -- it will no longer be "8.6".
CentOS Linux 7 is already in its maintenance phase; an installed system should contain content based on RHEL 7.9.
One should run "yum update" regularly to get all updates that still become available.