PCI 2.2.3-53.el5.centos.3
Running CentOS release 5.7 (Final) and getting a fail for PCI due to CVE-2012-0053 (RHSA-2012:0128). I see this is patched into CentOS6. Any ideas about CentOS 5?
Thanks in advance!
Re: PCI 2.2.3-53.el5.centos.3
There's a newer version of httpd included in CentOS 5.8 which should be here RSN, perhaps even as soon as early next week.
PCI 2.2.3-53.el5.centos.3
Being a QA tester...
[code]
# cat /etc/redhat-release
CentOS release 5.8 (Final)
# rpm -q httpd
httpd-2.2.3-63.el5.centos.1.x86_64
# rpm -ql --changelog httpd | grep -C 5 CVE-2012-0053
* Thu Feb 23 2012 Johnny Hughes <johnny@centos.org> - 2.2.3-63.1.el5.centos
- Roll in CentOS Branding
* Wed Feb 08 2012 Joe Orton <jorton@redhat.com> - 2.2.3-63.1
- add security fixes for CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 (#787596)
- remove patch for CVE-2011-3638, obviated by fix for CVE-2011-3639
* Wed Jan 04 2012 Joe Orton <jorton@redhat.com> - 2.2.3-63
- revert addition of LDAP nested group support (#546443)
[/code]
If you can't wait, grab [url=http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm]httpd-2.2.3-63.el5_8.1.src.rpm[/url] (must be an update - later than the 5.8 version - also there) and [url=http://wiki.centos.org/HowTos/RebuildSRPM]build your own[/url].
Re: PCI 2.2.3-53.el5.centos.3
Hello:
I still do not see httpd-2.2.3-63.el5.centos.1.x86_64 available. I am having the same issue with PCI compliance - they say I need the 63 version installed. I would rather not build my own http. Any idea of when this will be released?
Thanks, Bill
Re: PCI 2.2.3-53.el5.centos.3
See http://bugs.centos.org/view.php?id=5596
Re: PCI 2.2.3-53.el5.centos.3
I'm not sure I understand...
[code]
# rpm -q httpd
httpd-2.2.3-63.el5.centos.1.x86_64
[/code]
Just yum updated to that now.
Re: PCI 2.2.3-53.el5.centos.3
[url=http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/httpd-2.2.3-63.el5_8.1.src.rpm]httpd-2.2.3-63.el5_8.1[/url] is out there.
Re: PCI 2.2.3-53.el5.centos.3
Right, I missed the 8.1 on the end. You seem to have a reply on that bugzilla saying that .centos packages don't have the _x.1 suffix, and checking the changelog for the current .centos package does list all the CVEs in your RHSA link.
Re: PCI 2.2.3-53.el5.centos.3
I was confused by the different version number, but the CentOS httpd-2.2.3-63.el5.centos.1 changelog does indeed match httpd-2.2.3-63.el5_8.1.
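
The check the last replies settle on (reading the package changelog for the CVE ids instead of comparing version suffixes) can be scripted to produce evidence for a PCI scan dispute. This is an added example, not part of any post in this thread; `cve_evidence` and `sample_changelog` are hypothetical names, and the sample lines are the changelog output posted above.

```shell
#!/bin/bash
# Added example: tie each CVE to the RPM changelog entry that mentions it, so a
# backported fix can be shown to an auditor regardless of the version string.
# cve_evidence and sample_changelog are hypothetical names.

# Changelog lines copied from the rpm --changelog output posted in this thread.
sample_changelog() {
cat <<'EOF'
* Thu Feb 23 2012 Johnny Hughes <johnny@centos.org> - 2.2.3-63.1.el5.centos
- Roll in CentOS Branding
* Wed Feb 08 2012 Joe Orton <jorton@redhat.com> - 2.2.3-63.1
- add security fixes for CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 (#787596)
- remove patch for CVE-2011-3638, obviated by fix for CVE-2011-3639
* Wed Jan 04 2012 Joe Orton <jorton@redhat.com> - 2.2.3-63
- revert addition of LDAP nested group support (#546443)
EOF
}

# Usage on a real host: rpm -q --changelog httpd | cve_evidence CVE-ID...
# Prints "CVE<TAB>entry header<TAB>changelog line" for the first (newest)
# mention of each id, or "CVE<TAB>MISSING". Returns non-zero if any id is missing.
# The line text is printed because a mention is not always a fix
# (see the "remove patch for CVE-2011-3638" line in the sample).
cve_evidence() {
    awk -v want="$*" '
        BEGIN { n = split(want, ids, " "); rc = 0 }
        /^\* / { entry = $0; next }      # remember the current entry header
        {
            # Require a non-digit after the id so CVE-2012-0053 does not
            # match a longer id that merely starts with the same digits.
            for (i = 1; i <= n; i++)
                if (!(ids[i] in seen) && $0 ~ (ids[i] "([^0-9]|$)")) {
                    seen[ids[i]] = 1
                    printf "%s\t%s\t%s\n", ids[i], entry, $0
                }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(ids[i] in seen)) { printf "%s\tMISSING\n", ids[i]; rc = 1 }
            exit rc
        }'
}

# Offline run against the embedded sample.
sample_changelog | cve_evidence CVE-2012-0053 CVE-2012-0031 CVE-2011-3607
```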