ecs-isp@2rosenthals.com Messaggio archiviato #370 messaggio precedente messaggio successivo torna alla lista

Da: "Paul Smedley" <ecs-isp@2rosenthals.com> Intestazioni complete
Messaggio non codificato
Oggetto: Re: [eCS-ISP] Apache update needed new CVE's reported.
Data: Wed, 29 Dec 2021 09:29:13 +1030
A: eCS ISP Mailing List <ecs-isp@2rosenthals.com>

Hi Roderick,

On 29/12/21 09:24, Roderick Klein wrote:
https://httpd.apache.org/security/vulnerabilities_24.html

Two new CVE reports for version 2.4.51. A new version 2.4.52 has been released to address these issue's ?

Paul could you compile a new version of Apache ?

My personal opinion  is that these are almost no risk for OS/2 - we don't have mod_lua, so  that rules out CVE-2021-44790; and CVE-2021-44224 is only for a specific use case (forward proxy configurations).

Having said that, I posted a link to 2.4.52  in the apache2 ml last night.

https://smedley.id.au/tmp/httpd-2.4.52-os2-20211228-debug.zip

Cheers,

Paul
Isriviti: Feed, Riassunto, Indice.
Disiscriviti
Scrivi a ListMaster