httpd24 software collections package updates

General support questions
Post Reply
reppy
Posts: 1
Joined: 2022/06/22 21:02:36

httpd24 software collections package updates

Post by reppy » 2022/06/22 21:34:22

Hello,

I have a CentOS 7 machine with the httpd24-httpd-2.4.34-23.el7.1.x86_64 package installed from software collections. A scanner flagged the Apache server as being vulnerable. Redhat released a security advisory (RHSA-2022:1075 ) for their software collections. They provide an updated package
to address the issue: httpd24-httpd-2.4.34-23.el7.2.x86_64. When I check with yum, I do not see that newer httpd24 package available. Are the updates in software collections for CentOS machines handled differently? If they don't plan on releasing an update or there is no timetable for a fix, then I'd want to take steps to work around the vulnerability.

Thanks.

User avatar
TrevorH
Forum Moderator
Posts: 32026
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: httpd24 software collections package updates

Post by TrevorH » 2022/06/22 22:13:14

It's in the centos-sclo-rh-testing testing repo so use yum --enablerepo=centos-sclo-rh-testing ... to get it

Once you have it, write to the centos-devel mailing list and ask if they aim to promote it to the main repo as you are not the first to ask.
CentOS 8 died a premature death at the end of 2021 - migrate to Rocky/Alma/OEL/Springdale ASAP.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are dead, do not use them.
Use the FAQ Luke

Post Reply