AIX Open Source

AIX Open Source

Share your experiences and connect with fellow developers to discover how to build and manage open source software for the AIX operating system

 View Only
Back to discussions
Expand all | Collapse all

Please update httpd to 2.4.58 (available from apache.org)

  • 1.  Please update httpd to 2.4.58 (available from apache.org)

    Posted Wed October 25, 2023 07:54 PM

    2.4.58 addresses high-severity CVE-2023-45802, CVE-2023-43622, and CVE-2023-31122 (due in mid-November, per ITSS)



    ------------------------------
    Erich Wolz
    ------------------------------


  • 2.  RE: Please update httpd to 2.4.58 (available from apache.org)

    Posted Thu October 26, 2023 12:48 AM

    Thanks for reporting it. We will update httpd to 2.4.58 soon.



    ------------------------------
    RESHMA KUMAR
    ------------------------------

    Original Message


  • 3.  RE: Please update httpd to 2.4.58 (available from apache.org)

    Posted Thu November 09, 2023 11:54 AM

    What's the ETA for httpd 2.4.58 and mod_ssl 2.4.58 ?  

     Our security team is involved now.

    Thanks



    ------------------------------
    Scott Gruber
    ------------------------------

    Original Message


  • 4.  RE: Please update httpd to 2.4.58 (available from apache.org)

    Posted Thu November 09, 2023 01:15 PM

    I, too, am interested to know what the ETA for 2.4.58.

    Per ITSS, we have to have the fixes for these CVEs installed by 2023-11-18 -- meaning they have to be available before then :-) 



    ------------------------------
    Erich Wolz
    ------------------------------

    Original Message


  • 5.  RE: Please update httpd to 2.4.58 (available from apache.org)

    Posted Fri November 10, 2023 12:55 AM
    Edited by De Quan Qu Fri November 10, 2023 12:55 AM

    Same  vulnerability waiting for fix.



    ------------------------------
    De Quan Qu
    ------------------------------

    Original Message


  • 6.  RE: Please update httpd to 2.4.58 (available from apache.org)

    Posted Mon November 13, 2023 01:44 AM

    Httpd 2.4.58 is now available in AIX Toolbox . 

    https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/httpd/httpd-2.4.58-1.aix7.1.ppc.rpm



    ------------------------------
    RESHMA KUMAR
    ------------------------------

    Original Message


  • 7.  RE: Please update httpd to 2.4.58 (available from apache.org)

    Posted Mon November 13, 2023 11:17 AM

    Thanks Reshma, In updating httpd/mod_ssl I'm getting the below : 

    error: Failed dependencies:

            libpq.a(libpq.so.5) is needed by apr-util-1.6.3-1.ppc

    Where can I find the libpq.a library ?



    ------------------------------
    Scott Gruber
    ------------------------------

    Original Message


  • 8.  RE: Please update httpd to 2.4.58 (available from apache.org)

    Posted Tue November 14, 2023 02:47 AM

    The latest apr-util ships a postgresql module which links to this libpq postgresql library. Ideally this module would have been shipped as a separate sub-rpm , so that the main apr-util should not have this dependency on postgresql library. We will fix this soon. In the meanwhile, you can install with --nodeps option in the rpm command line. 



    ------------------------------
    Ayappan P
    ------------------------------

    Original Message


  • 9.  RE: Please update httpd to 2.4.58 (available from apache.org)

    Posted Tue April 02, 2024 01:49 PM

    Reshma

    Can you take a quick look at my post? httpd 2.4.58 are not passing Tenable Scans.  I wonder if the issue is the way httpd was compiled.

    https://community.ibm.com/community/user/power/discussion/httpd-2458-1-and-tenable#bmbc8dfe9f-e8bf-4323-b038-018e854541f0

    thanks 

    Vinny



    ------------------------------
    Vinny G
    ------------------------------

    Original Message


  • 10.  RE: Please update httpd to 2.4.58 (available from apache.org)

    Posted Fri April 05, 2024 12:29 AM

    Hi there

    Apache 2.4.59 has just been released:

    https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhttpd.apache.org%2Fdownload.cgi&data=05%7C02%7Cstefano.calisto%40ubs.com%7Cac32d88dc9d2418a309408dc54b05805%7Cfb6ea4037cf14905810afe5547e98204%7C0%7C0%7C638478363605054496%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Ma%2FNDFuqhPR%2F3pgCV3nF2EakBmUnauqeC%2Fdqs%2BabHcg%3D&reserved=0

    Now would be a good time to deliver that including the newest openssl fixes/versions :-P 

    Thanks in advance and kind regards,

    Stefano Calisto



    ------------------------------
    Stefano Calisto
    ------------------------------

    Original Message