Centos 9 Stream not showing latest version of Apache on baseos appstream. Please update the latest version on below repo.
https://mirror.stream.centos.org/9-stre ... /Packages/
Latest Apache Version vulnerability
https://httpd.apache.org/security/vulne ... es_24.html
Latest Apache Package missing
Re: Latest Apache Package missing
CentOS/RHEL do not generally ship the latest of everything but instead RH cherrypick the updates that should be backported to the version that RHEL ships. You can check the rpm changelog using e.g. `repoquery --changelog httpd-2.4.57-5.el9 | less` or visit the RH CVE pages for a longer explanation of the status of each CVE and whether or not RH think it is applicable to their copy of the package. For example, https://access.redhat.com/security/cve/CVE-2014-0224 - change the CVE number to the ones you're interested in. That will show you a summary of what RH think of the CVE, its importance and whether it is present on RHEL systems.
Please see https://access.redhat.com/security/updates/backporting/ for information on backporting of security fixes and features in CentOS and RHEL. Additionally https://access.redhat.com/solutions/2074 may also be of use.
Please see https://access.redhat.com/security/updates/backporting/ for information on backporting of security fixes and features in CentOS and RHEL. Additionally https://access.redhat.com/solutions/2074 may also be of use.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 2
- Joined: 2024/04/09 17:08:20
Re: Latest Apache Package missing
I appreciate the update. Indeed, the CVE portal indicates that these are open. How long it takes RH to incorporate these patches is unknown to me. I'll install the most recent version of Apache from a different repository.
https://access.redhat.com/security/cve/CVE-2024-27316
https://access.redhat.com/security/cve/CVE-2024-24795
https://access.redhat.com/security/cve/CVE-2024-27316
https://access.redhat.com/security/cve/CVE-2024-27316
https://access.redhat.com/security/cve/CVE-2024-24795
https://access.redhat.com/security/cve/CVE-2024-27316
Re: Latest Apache Package missing
Unknown to most of us. You can look at past CVEs and how long bugs of same severity had to wait for RHSA as rough guess.jaipal_x64 wrote: ↑2024/04/10 17:09:52How long it takes RH to incorporate these patches is unknown to me.
Besides, RHEL 9.4 is already in beta. It should be possible to check whether it has something for these CVEs. The beta is not mentioned on those pages, since it is not a released product. (CentOS Stream is not there either, because it isn't "for production", is it?)