Re: [users@httpd] Httpd is hanging intermittently

2021-09-23 Thread Otis Dewitt - NOAA Affiliate
No problem Venkatesh. No, I don't know how to generate entropy in Apache because I think Apache uses the system entropy. You can check how many are available via: "cat /proc/sys/kernel/random/entropy_avail". Under the system I know of two different packages, one *rngd *and the other *haveged.*

Re: [users@httpd] Httpd is hanging intermittently

2021-09-23 Thread alchemist vk
Thanks Dewitt for your inputs. Will check from system perspective how to generate more entropy and resolve this issue. Do you know, how to generate more entropy in system or via apache so that it can never be deprived of entropy? With Regards, Venkatesh On Thu, Sep 23, 2021 at 8:46 PM Otis

Re: [users@httpd] Httpd is hanging intermittently

2021-09-23 Thread Otis Dewitt - NOAA Affiliate
Hmm I see, I not sure why you did not get this right away when switching from openssl to openssl-fips because FIPS require a lot of entropy and if this is on VMWARE, that has very poor entropy unless you use entropy generator like "*haveged*" or load *virtio_rng *kernel module. As I said before I

Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info

2021-09-23 Thread Riccardo Schirone
On 09/23, Ran Mozes wrote: > to find out about CVEs you can follow the related links from the NVD site. In > the case of CVE-2021-40438 it led me to > https://src.fedoraproject.org/rpms/httpd#817ac0a9a475f26768e49342e055307368258b74 > there you could dig so more to find information about the >

[users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info

2021-09-23 Thread Ran Mozes
to find out about CVEs you can follow the related links from the NVD site. In the case of CVE-2021-40438 it led me to https://src.fedoraproject.org/rpms/httpd#817ac0a9a475f26768e49342e055307368258b74 there you could dig so more to find information about the users/commits/contents. HTH > Am

Re: [users@httpd] 2.4.49 security fixes: more info

2021-09-23 Thread pgajdos
On Thu, Sep 23, 2021 at 12:41:10PM +0200, Riccardo Schirone wrote: > On 09/23, pgajdos wrote: > > On Thu, Sep 23, 2021 at 11:45:49AM +0200, Riccardo Schirone wrote: > > > I'm trying to gather more information about CVE-2021-40438, > > > CVE-2021-39275, > > > CVE-2021-36160, CVE-2021-34798 that

Re: [users@httpd] 2.4.49 security fixes: more info

2021-09-23 Thread Riccardo Schirone
On 09/23, pgajdos wrote: > On Thu, Sep 23, 2021 at 11:45:49AM +0200, Riccardo Schirone wrote: > > I'm trying to gather more information about CVE-2021-40438, CVE-2021-39275, > > CVE-2021-36160, CVE-2021-34798 that were recently fixed in Apache 2.4.49. > > The > > CHANGES file and the security

Re: [users@httpd] 2.4.49 security fixes: more info

2021-09-23 Thread pgajdos
On Thu, Sep 23, 2021 at 11:45:49AM +0200, Riccardo Schirone wrote: > I'm trying to gather more information about CVE-2021-40438, CVE-2021-39275, > CVE-2021-36160, CVE-2021-34798 that were recently fixed in Apache 2.4.49. The > CHANGES file and the security page on the website just contain very

[users@httpd] 2.4.49 security fixes: more info

2021-09-23 Thread Riccardo Schirone
Hi, I'm trying to gather more information about CVE-2021-40438, CVE-2021-39275, CVE-2021-36160, CVE-2021-34798 that were recently fixed in Apache 2.4.49. The CHANGES file and the security page on the website just contain very short descriptions of the flaws. I'd like to know what are the