I’ve seen a few CVEs now that are low level but pretty much effect every version from 2.4.30ish and back.
The default Apache versions in the Debian and Ubuntu repos are 2.4.25 and 2.4.29 respectively. QUESTIONS: 1. Anyway to move the versions up (assuming I didn’t miss something) ? 2. Happy to help / take on task if someone can point me in the right direction > On Apr 6, 2019, at 11:14 PM, Sunhux G <sun...@gmail.com> wrote: > > Also, > can we safely say CVE-2019-0217 & CVE-2019-0215 affects "2.4.17 through > 2.4.38 with MPM event, worker or prefork" only (just like CVE-2019-0211)? > > How do I check if we have "MPM event, worker or prefork" in our Apache? > > >> On Sat, Apr 6, 2019 at 10:59 PM Sunhux G <sun...@gmail.com> wrote: >> >> Are above CVEs affecting Apache httpd (ie web servers) 2.4.x only >> & other lower versions (eg: our Solaris 10's Apache/2.0.63) are not >> affected? >> >> Can point me to where to get the patches for RHEL7/RHEL6 >> in Red Hat support portal or anywhere else that's reliable?? >> >> Sun
