Open Source Development

Power Open Source Development

Connect, learn, share, and engage with IBM Power.

#Power

View Only

Back to discussions

Expand all | Collapse all

Please update httpd to 2.4.58 (available from apache.org)

1. Please update httpd to 2.4.58 (available from apache.org)

Like
Erich Wolz
Posted Wed October 25, 2023 07:54 PM

Reply
2.4.58 addresses high-severity CVE-2023-45802, CVE-2023-43622, and CVE-2023-31122 (due in mid-November, per ITSS)

------------------------------
Erich Wolz
------------------------------

#AIXOpenSource
2. RE: Please update httpd to 2.4.58 (available from apache.org)

Like
RESHMA KUMAR
Posted Thu October 26, 2023 12:48 AM

Reply
Thanks for reporting it. We will update httpd to 2.4.58 soon.

------------------------------
RESHMA KUMAR
------------------------------

Original Message
3. RE: Please update httpd to 2.4.58 (available from apache.org)

Like
Scott Gruber
Posted Thu November 09, 2023 11:54 AM

Reply
What's the ETA for httpd 2.4.58 and mod_ssl 2.4.58 ?

Our security team is involved now.

Thanks

------------------------------
Scott Gruber
------------------------------

Original Message
4. RE: Please update httpd to 2.4.58 (available from apache.org)

Like
Erich Wolz
Posted Thu November 09, 2023 01:15 PM

Reply
I, too, am interested to know what the ETA for 2.4.58.

Per ITSS, we have to have the fixes for these CVEs installed by 2023-11-18 -- meaning they have to be available before then :-)

------------------------------
Erich Wolz
------------------------------

Original Message
5. RE: Please update httpd to 2.4.58 (available from apache.org)

Like
De Quan Qu
Posted Fri November 10, 2023 12:55 AM
Edited by De Quan Qu Fri November 10, 2023 12:55 AM

Reply
Same vulnerability waiting for fix.

------------------------------
De Quan Qu
------------------------------

Original Message
6. RE: Please update httpd to 2.4.58 (available from apache.org)

Like
RESHMA KUMAR
Posted Mon November 13, 2023 01:44 AM

Reply
Httpd 2.4.58 is now available in AIX Toolbox .

https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/httpd/httpd-2.4.58-1.aix7.1.ppc.rpm

------------------------------
RESHMA KUMAR
------------------------------

Original Message
7. RE: Please update httpd to 2.4.58 (available from apache.org)

Like
Scott Gruber
Posted Mon November 13, 2023 11:17 AM

Reply
Thanks Reshma, In updating httpd/mod_ssl I'm getting the below :

error: Failed dependencies:

libpq.a(libpq.so.5) is needed by apr-util-1.6.3-1.ppc

Where can I find the libpq.a library ?

------------------------------
Scott Gruber
------------------------------

Original Message
8. RE: Please update httpd to 2.4.58 (available from apache.org)

Like
Ayappan P
Posted Tue November 14, 2023 02:47 AM

Reply
The latest apr-util ships a postgresql module which links to this libpq postgresql library. Ideally this module would have been shipped as a separate sub-rpm , so that the main apr-util should not have this dependency on postgresql library. We will fix this soon. In the meanwhile, you can install with --nodeps option in the rpm command line.

------------------------------
Ayappan P
------------------------------

Original Message
9. RE: Please update httpd to 2.4.58 (available from apache.org)

Like
Vinny G
Posted Tue April 02, 2024 01:49 PM

Reply
Reshma

Can you take a quick look at my post? httpd 2.4.58 are not passing Tenable Scans. I wonder if the issue is the way httpd was compiled.

https://community.ibm.com/community/user/power/discussion/httpd-2458-1-and-tenable#bmbc8dfe9f-e8bf-4323-b038-018e854541f0

thanks

Vinny

------------------------------
Vinny G
------------------------------

Original Message
10. RE: Please update httpd to 2.4.58 (available from apache.org)

Like
Stefano Calisto
Posted Fri April 05, 2024 12:29 AM

Reply
Hi there

Apache 2.4.59 has just been released:

https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhttpd.apache.org%2Fdownload.cgi&data=05%7C02%7Cstefano.calisto%40ubs.com%7Cac32d88dc9d2418a309408dc54b05805%7Cfb6ea4037cf14905810afe5547e98204%7C0%7C0%7C638478363605054496%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Ma%2FNDFuqhPR%2F3pgCV3nF2EakBmUnauqeC%2Fdqs%2BabHcg%3D&reserved=0

Now would be a good time to deliver that including the newest openssl fixes/versions :-P

Thanks in advance and kind regards,

Stefano Calisto

------------------------------
Stefano Calisto
------------------------------

Original Message

Open Source Development

Power Open Source Development

Please update httpd to 2.4.58 (available from apache.org)

Erich WolzWed October 25, 2023 07:54 PM

RESHMA KUMARThu October 26, 2023 12:48 AM

Scott GruberThu November 09, 2023 11:54 AM

Erich WolzThu November 09, 2023 01:15 PM

De Quan QuFri November 10, 2023 12:55 AM

RESHMA KUMARMon November 13, 2023 01:44 AM

Scott GruberMon November 13, 2023 11:17 AM

Ayappan PTue November 14, 2023 02:47 AM

Vinny GTue April 02, 2024 01:49 PM

Stefano CalistoFri April 05, 2024 12:29 AM

1. Please update httpd to 2.4.58 (available from apache.org)

2. RE: Please update httpd to 2.4.58 (available from apache.org)

3. RE: Please update httpd to 2.4.58 (available from apache.org)

4. RE: Please update httpd to 2.4.58 (available from apache.org)

5. RE: Please update httpd to 2.4.58 (available from apache.org)

6. RE: Please update httpd to 2.4.58 (available from apache.org)

7. RE: Please update httpd to 2.4.58 (available from apache.org)

8. RE: Please update httpd to 2.4.58 (available from apache.org)

9. RE: Please update httpd to 2.4.58 (available from apache.org)

10. RE: Please update httpd to 2.4.58 (available from apache.org)

Additional
Resources

Office

Quick Links

Open Source Development

Power Open Source Development

Please update httpd to 2.4.58 (available from apache.org)

Erich WolzWed October 25, 2023 07:54 PM

RESHMA KUMARThu October 26, 2023 12:48 AM

Scott GruberThu November 09, 2023 11:54 AM

Erich WolzThu November 09, 2023 01:15 PM

De Quan QuFri November 10, 2023 12:55 AM

RESHMA KUMARMon November 13, 2023 01:44 AM

Scott GruberMon November 13, 2023 11:17 AM

Ayappan PTue November 14, 2023 02:47 AM

Vinny GTue April 02, 2024 01:49 PM

Stefano CalistoFri April 05, 2024 12:29 AM

1. Please update httpd to 2.4.58 (available from apache.org)

2. RE: Please update httpd to 2.4.58 (available from apache.org)

3. RE: Please update httpd to 2.4.58 (available from apache.org)

4. RE: Please update httpd to 2.4.58 (available from apache.org)

5. RE: Please update httpd to 2.4.58 (available from apache.org)

6. RE: Please update httpd to 2.4.58 (available from apache.org)

7. RE: Please update httpd to 2.4.58 (available from apache.org)

8. RE: Please update httpd to 2.4.58 (available from apache.org)

9. RE: Please update httpd to 2.4.58 (available from apache.org)

10. RE: Please update httpd to 2.4.58 (available from apache.org)

Related Content

httpd-2.4.58-1 and Tenable

httpd 2.4.59 openssl libs included still vulnerable ?

httpd compiled with mysql support ?

Please update httpd > httpd-2.4.56

Open Source Vulnerability and Dependency Code Scans

Additional Resources

Office

Quick Links

Additional
Resources