
perfsonar-user - Re: [perfsonar-user] Apache: Upgrade to version 2.4.9

Subject: perfSONAR User Q&A and Other Discussion

  • From: "Christoph.Galuschka" <>
  • To: Fernando Redigolo <>
  • Cc:
  • Subject: Re: [perfsonar-user] Apache: Upgrade to version 2.4.9
  • Date: Wed, 2 Jul 2014 16:25:52 +0200 (CEST)
  • Importance: Medium

> On 2 July 2014 at 16:15, Fernando Redigolo <> wrote:
>
>
> Christoph and Jason.
>
> Thanks for the feedback. We are working with the Brazilian NREN to deploy Science DMZs at several institutions and one of the institutions' security team pointed out during a security audit several vulnerabilities related to Apache 2.2 in the perfSONAR toolkit nodes, recommending their upgrade to version 2.4. We were expecting that this problem had already appeared in the perfSONAR community and, as nobody apparently had tried that before, we started to investigate it further. The vulnerabilities we analyzed so far turned out to be false positives: RedHat backports some security patches to their version of Apache 2.2, without changing the version number. This is better explained at:
>
> http://crimsonfu.github.io/2013/08/06/backporting-and-scanners.html
>
> https://access.redhat.com/site/security/updates/backporting/
 
That is indeed the way it works :)
You can easily - when searching for certain fixes - query the changelog for a certain CVE: rpm -qa --changelog httpd | grep CVE
 
all the best
Christoph
 
Christoph Galuschka
CentOS-QA member | IRC: tigalch
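
Added example, not part of the original message or of perfSONAR: a shell helper that takes the CVE IDs a scanner flagged and reports which build in an RPM changelog mentions each one, extending the changelog grep suggested above. The function names, the placeholder CVE IDs and the sample changelog are constructed for illustration; it assumes the usual Red Hat header layout where the last field of each `* ` line is the version-release.

```shell
#!/bin/sh
# Reads an RPM changelog on stdin; the CVE IDs to check are the arguments.
# Real use:  rpm -q --changelog httpd | triage_cves <CVE IDs from the scan>
triage_cves() {
    awk -v ids="$*" '
        BEGIN { n = split(ids, want, " ") }
        # Entry header, e.g. "* Mon Jan 06 2014 Name <mail> - 2.2.15-30"
        # (assumption: the last field is the version-release of that build)
        /^\* / { ver = $NF; next }
        {
            for (i = 1; i <= n; i++)
                # Require a non-digit after the ID so one CVE number is not
                # matched as a prefix of a longer one.
                if (match($0, want[i] "([^0-9]|$)"))
                    # Changelogs are newest-first, so the last hit kept here
                    # is the oldest build that mentions the fix.
                    hit[want[i]] = ver
        }
        END {
            for (i = 1; i <= n; i++)
                if (want[i] in hit) print want[i], "fixed-in", hit[want[i]]
                else                print want[i], "not-in-changelog"
        }'
}

# Constructed sample changelog (placeholder IDs, not real CVEs or builds).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 06 2014 Example Packager <pkg@example.invalid> - 2.2.15-30.example
- mod_example: fix crash on empty header (CVE-0000-0002)

* Mon Jul 01 2013 Example Packager <pkg@example.invalid> - 2.2.15-29.example
- add security fix for CVE-0000-0001
- core: fix request parsing (CVE-0000-00031)
EOF
}

sample_changelog | triage_cves CVE-0000-0001 CVE-0000-0002 CVE-0000-0003
```

A `not-in-changelog` result only means the package changelog does not name that ID; it still has to be checked against the vendor's advisory for that CVE before it is treated as an open finding.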


