| Från: |
"Paul Smedley" <ecs-isp@2rosenthals.com> |
Meddelandehuvud
Oavkodat meddelande |
| Ämne: |
Re: [eCS-ISP] Apache update needed new CVE's reported. |
| Datum: |
Wed, 29 Dec 2021 09:29:13 +1030 |
| Till: |
eCS ISP Mailing List <ecs-isp@2rosenthals.com> |
|
|---|
Hi Roderick,
On 29/12/21 09:24, Roderick Klein wrote:
https://httpd.apache.org/security/vulnerabilities_24.html
Two new CVE reports for version 2.4.51. A new version 2.4.52 has been released to address these issue's ?
Paul could you compile a new version of Apache ?
My personal opinion is that these are almost no risk for OS/2 - we don't have mod_lua, so that rules out CVE-2021-44790; and CVE-2021-44224 is only for a specific use case (forward proxy configurations).
Having said that, I posted a link to 2.4.52 in the apache2 ml last night.
https://smedley.id.au/tmp/httpd-2.4.52-os2-20211228-debug.zip
Cheers,
Paul
|