Mailing List ecs-isp@2rosenthals.com Archived Message #370 previous message next message back to list

From: "Paul Smedley" <ecs-isp@2rosenthals.com> Full Headers
Undecoded message
Subject: Re: [eCS-ISP] Apache update needed new CVE's reported.
Date: Wed, 29 Dec 2021 09:29:13 +1030
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Hi Roderick,

On 29/12/21 09:24, Roderick Klein wrote:
https://httpd.apache.org/security/vulnerabilities_24.html

Two new CVE reports for version 2.4.51. A new version 2.4.52 has been released to address these issue's ?

Paul could you compile a new version of Apache ?

My personal opinion  is that these are almost no risk for OS/2 - we don't have mod_lua, so  that rules out CVE-2021-44790; and CVE-2021-44224 is only for a specific use case (forward proxy configurations).

Having said that, I posted a link to 2.4.52  in the apache2 ml last night.

https://smedley.id.au/tmp/httpd-2.4.52-os2-20211228-debug.zip

Cheers,

Paul
Subscribe: Feed, Digest, Index.
Unsubscribe
Mail to ListMaster