Original Message:
Sent: Fri October 04, 2024 11:15 AM
From: Scott Gruber
Subject: Need Apache httpd 2.4.62
Hi Reshma,
Our security department is flagging Apache SSL as vulnerable. Tenable is expecting openssl 1.1.1za in their scans, but they are getting openssl 1.1.1y
From Nessus :
Nessus Plugin ID: | Nessus Plugin Name: | Latest CVE (if applicable): |
201084 | OpenSSL 1.1.1<1.1.1za Vulnerability | CVE-2024-5535 |
We have the ifix in place :
ID STATE LABEL INSTALL TIME UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ======================================
1 S 3013sa 08/22/24 15:26:00 ifix for openssl july CVEs
However curl is reporting :
curl : Apache reports for HTTP : Server: Apache/2.4.62 (Unix) OpenSSL/1.1.1y
curl : Apache reports for HTTPS : Server: Apache/2.4.62 (Unix) OpenSSL/1.1.1y
When is httpd/mod_ssl anticipated to be updated or does the ifix in place fix this vulnerability ?
Our OS level is : 7300-02-02-2420
Thanks
------------------------------
Scott Gruber
Original Message:
Sent: Thu August 01, 2024 03:11 AM
From: RESHMA KUMAR
Subject: Need Apache httpd 2.4.62
Httpd 2.4.62 is now available in AIX Toolbox.
You can use DNF to update to this version from the AIX Toolbox repository.
------------------------------
RESHMA KUMAR
Original Message:
Sent: Tue July 30, 2024 11:36 PM
From: Jan Harris
Subject: Need Apache httpd 2.4.62
Hi Roger - I checked with team late last week, this rshould be getting published very soon
------------------------------
Jan Harris
AIX Development Support (Liaison to the AIX Toolbox for Open Source)
IBM (Contract)
Austin
Original Message:
Sent: Tue July 23, 2024 09:55 AM
From: Roger Weaver
Subject: Need Apache httpd 2.4.62
Although Apache httpd was just recently updated to version 2.4.61 in the AIX Toolbox, there is already a new 2.4.62 version to fix multiple vulnerabilities that has been rated a "Medium" severity by Tenable Nessus. Please make Apache httpd 2.4.62 (or later) available at your earliest opportunity.
Thank you!
------------------------------
Roger Weaver
------------------------------