httpd: fix three CVEs

CVE-2021-26691: heap overflow CVE-2021-39275: out-of-bounds-write CVE-2021-44790: buffer overflow Advance to version 2.4.6-97.el7.centos. === testing boot iso and log in; become root; httpd is not running systemctl stop lighttpd # free up port 80 systemctl start httpd # takes a while echo arf > /var/www/html/arf.txt # something to fetch wget http://localhost/arf.txt cat arf.txt This shows httpd is processing requests. === Closes-bug: 1960765 Signed-off-by: Joe Slater <joe.slater@windriver.com> Change-Id: Idcff71fe505a187e7bcfaea7a8818233a4ef76ac
2022-03-17 14:27:32 -04:00 · 2022-03-17 14:27:32 -04:00 · fc00096e8b
parent 3d2d104376
commit fc00096e8b
1 changed files with 2 additions and 2 deletions
--- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst
@ -293,8 +293,8 @@ horai-ume-uigothic-fonts-610-2.el7.noarch.rpm
 # hostname-3.13-3.el7.x86_64.rpm provided by mock
 httpcomponents-client-4.2.5-5.el7_0.noarch.rpm
 httpcomponents-core-4.2.4-6.el7.noarch.rpm
-httpd-2.4.6-95.el7.centos.x86_64.rpm
-httpd-tools-2.4.6-95.el7.centos.x86_64.rpm
+httpd-2.4.6-97.el7.centos.x86_64.rpm
+httpd-tools-2.4.6-97.el7.centos.x86_64.rpm
 hwdata-0.252-9.1.el7.x86_64.rpm
 hwloc-libs-1.11.8-4.el7.x86_64.rpm
 impallari-lobster-fonts-1.4-8.el7.noarch.rpm