From fc00096e8beb10f96ae0d33d3d0008d929c5f124 Mon Sep 17 00:00:00 2001
From: Joe Slater
Date: Thu, 17 Mar 2022 14:27:32 -0400
Subject: [PATCH] httpd: fix three CVEs CVE-2021-26691: heap overflow CVE-2021-39275: out-of-bounds-write CVE-2021-44790: buffer overflow Advance to version 2.4.6-97.el7.centos. === testing boot iso and log in; become root; httpd is not running systemctl stop lighttpd # free up port 80 systemctl start httpd # takes a while echo arf > /var/www/html/arf.txt # something to fetch wget http://localhost/arf.txt cat arf.txt This shows httpd is processing requests. === Closes-bug: 1960765 Signed-off-by: Joe Slater Change-Id: Idcff71fe505a187e7bcfaea7a8818233a4ef76ac
---
 centos-mirror-tools/config/centos/flock/rpms_centos.lst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/centos-mirror-tools/config/centos/flock/rpms_centos.lst b/centos-mirror-tools/config/centos/flock/rpms_centos.lst
index 64b11926..9f51277d 100644
--- a/centos-mirror-tools/config/centos/flock/rpms_centos.lst
+++ b/centos-mirror-tools/config/centos/flock/rpms_centos.lst
@@ -293,8 +293,8 @@ horai-ume-uigothic-fonts-610-2.el7.noarch.rpm
 # hostname-3.13-3.el7.x86_64.rpm provided by mock
 httpcomponents-client-4.2.5-5.el7_0.noarch.rpm
 httpcomponents-core-4.2.4-6.el7.noarch.rpm
-httpd-2.4.6-95.el7.centos.x86_64.rpm
-httpd-tools-2.4.6-95.el7.centos.x86_64.rpm
+httpd-2.4.6-97.el7.centos.x86_64.rpm
+httpd-tools-2.4.6-97.el7.centos.x86_64.rpm
 hwdata-0.252-9.1.el7.x86_64.rpm
 hwloc-libs-1.11.8-4.el7.x86_64.rpm
 impallari-lobster-fonts-1.4-8.el7.noarch.rpm