PCI 2.2.3-53.el5.centos.3

Support for security such as Firewalls and securing linux

Post by broberts » 2012/03/02 19:51:45

Running CentOS release 5.7 (Final) and getting a fail for PCI due to CVE-2012-0053 (RHSA-2012:0128). I see this is patched into CentOS6. Any ideas about CentOS 5?

Thanks in advance!
broberts
 
Posts: 7
Joined: 2009/10/05 22:29:14

Re: PCI 2.2.3-53.el5.centos.3

Post by TrevorH » 2012/03/03 01:42:29

There's a newer version of httpd included in CentOS 5.8 which should be here RSN, perhaps even as soon as early next week.
TrevorH
Forum Moderator
 
Posts: 9146
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

PCI 2.2.3-53.el5.centos.3

Post by pschaff » 2012/03/04 03:48:06

Being a QA tester...
Code:
# cat /etc/redhat-release
CentOS release 5.8 (Final)
# rpm -q httpd
httpd-2.2.3-63.el5.centos.1.x86_64
# rpm -ql --changelog httpd | grep -C 5 CVE-2012-0053
* Thu Feb 23 2012 Johnny Hughes <johnny@centos.org> - 2.2.3-63.1.el5.centos
- Roll in CentOS Branding

* Wed Feb 08 2012 Joe Orton <jorton@redhat.com> - 2.2.3-63.1
- add security fixes for CVE-2012-0053, CVE-2012-0031, CVE-2011-3607 (#787596)   
- remove patch for CVE-2011-3638, obviated by fix for CVE-2011-3639

* Wed Jan 04 2012 Joe Orton <jorton@redhat.com> - 2.2.3-63
- revert addition of LDAP nested group support (#546443)


If you can't wait, grab httpd-2.2.3-63.el5_8.1.src.rpm (must be an update - later than the 5.8 version - also there) and build your own.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: PCI 2.2.3-53.el5.centos.3

Post by bill56 » 2012/03/14 15:05:38

Hello:

I still do not see httpd-2.2.3-63.el5.centos.1.x86_64 available. I am having the same issue with PCI compliance - they say I need the 63 version installed. I would rather not build my own http. Any idea of when this will be released?

Thanks, Bill
bill56
 
Posts: 1
Joined: 2012/03/14 14:19:22

Re: PCI 2.2.3-53.el5.centos.3

Post by pschaff » 2012/03/14 15:46:00

pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: PCI 2.2.3-53.el5.centos.3

Post by TrevorH » 2012/03/14 16:31:46

I'm not sure I understand...

Code:
# rpm -q httpd
httpd-2.2.3-63.el5.centos.1.x86_64


Just yum updated to that now.
TrevorH
Forum Moderator
 
Posts: 9146
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: PCI 2.2.3-53.el5.centos.3

Post by pschaff » 2012/03/14 17:18:56

pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: PCI 2.2.3-53.el5.centos.3

Post by TrevorH » 2012/03/14 21:48:59

Right, I missed the 8.1 on the end. You seem to have a reply on that bugzilla saying that .centos packages don't have the _x.1 suffix and checking the changelog for the current .centos package does list all the CVEs in your RHSA link.
TrevorH
Forum Moderator
 
Posts: 9146
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: PCI 2.2.3-53.el5.centos.3

Post by pschaff » 2012/03/14 21:58:48

I was confused by the different version number, but the CentOS httpd-2.2.3-63.el5.centos.1 changelog does indeed match httpd-2.2.3-63.el5_8.1.
pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

