0

There is a difference in version between httpd24-httpd installed with Software Collections on CentOS 7.9 and httpd24-httpd installed with RHEL (Universal Base Images).

CentOS 7.9

yum install centos-release-scl centos-release-scl-rh
yum install httpd24-httpd

rpm -q --changelog httpd24-httpd | head -3
# * Tue Sep 20 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.34-23.5
# - Related: #2035029 - CVE-2021-44224 httpd24-httpd: httpd: possible NULL
#   dereference or SSRF in forward proxy configurations

RHEL 7.9 (ubi)

yum install httpd24-httpd

rpm -q --changelog httpd24-httpd | head -3
# * Thu Apr 13 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.34-23.6
# - Resolves: #2176722 - CVE-2023-25690 httpd24-httpd: httpd: HTTP request
#   splitting with mod_rewrite and mod_proxy

The following shows that it has not been updated since 2023-01-03.

http://mirror.centos.org/centos/7/sclo/x86_64/rh/repodata/

Is CentOS 7 SCL (Software Collections) abandoned?

ngyuki
  • 101
  • 1
  • CentOS Linux was discontinued at the end of 2021 in favor of CentOS Stream, a distribution positioned upstream of RHEL https://en.wikipedia.org/wiki/CentOS – David Trevor Aug 02 '23 at 08:54

0 Answers0