AIX Open Source

  • 1.  Need Apache httpd 2.4.62

    Posted Tue July 23, 2024 09:55 AM

    Although Apache httpd was just recently updated to version 2.4.61 in the AIX Toolbox, there is already a new 2.4.62 version to fix multiple vulnerabilities that has been rated a "Medium" severity by Tenable Nessus.  Please make Apache httpd 2.4.62 (or later) available at your earliest opportunity.

    Thank you!



    ------------------------------
    Roger Weaver
    ------------------------------


  • 2.  RE: Need Apache httpd 2.4.62

    Posted Tue July 30, 2024 11:36 PM

    Hi Roger - I checked with the team late last week; this should be getting published very soon.



    ------------------------------
    Jan Harris
    AIX Development Support (Liaison to the AIX Toolbox for Open Source)
    IBM (Contract)
    Austin
    ------------------------------



  • 3.  RE: Need Apache httpd 2.4.62

    Posted Thu August 01, 2024 03:12 AM

    Httpd 2.4.62 is now available in AIX Toolbox. 

    You can use DNF to update to this version from the AIX Toolbox repository.



    ------------------------------
    RESHMA KUMAR
    ------------------------------



  • 4.  RE: Need Apache httpd 2.4.62

    Posted 6 days ago
    Edited by Scott Gruber 6 days ago

    Hi Reshma,

    Our security department is flagging Apache SSL as vulnerable. Tenable is expecting openssl 1.1.1za in their scans, but they are getting openssl 1.1.1y.

    From Nessus:

    Nessus Plugin ID: 201084
    Nessus Plugin Name: OpenSSL 1.1.1<1.1.1za Vulnerability
    Latest CVE (if applicable): CVE-2024-5535

    We have the ifix in place :

    ID  STATE LABEL      INSTALL TIME      UPDATED BY ABSTRACT
    === ===== ========== ================= ========== ======================================
    1    S    3013sa     08/22/24 15:26:00            ifix for openssl july CVEs

    However curl is reporting :

     curl : Apache reports for HTTP       : Server: Apache/2.4.62 (Unix) OpenSSL/1.1.1y

     curl : Apache reports for HTTPS     : Server: Apache/2.4.62 (Unix) OpenSSL/1.1.1y

    When is httpd/mod_ssl anticipated to be updated, or does the ifix in place fix this vulnerability?

    Our OS level is :  7300-02-02-2420

    Thanks



    ------------------------------
    Scott Gruber
    ------------------------------



  • 5.  RE: Need Apache httpd 2.4.62

    Posted 15 hours ago

    Hi Scott,
    The installed ifix fixes the reported CVE (CVE-2024-5535) in openssl.
    Since httpd is dynamically linked to the openssl library, it is not required to update httpd. 



    ------------------------------
    RESHMA KUMAR
    ------------------------------
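
Added example (not part of the thread and not IBM or Tenable tooling): a small triage helper for the situation discussed in posts 4 and 5, where the Server banner still shows 1.1.1y while the fix was delivered as an ifix to the library that httpd loads dynamically. The function names and result labels are hypothetical, the sample input is constructed from the values quoted in the thread, and the mapping of ifix label 3013sa to CVE-2024-5535 is taken from post 5.

```sh
#!/bin/sh
# Constructed sample input, copied from the values quoted in the thread.
SAMPLE_BANNER='Server: Apache/2.4.62 (Unix) OpenSSL/1.1.1y'
SAMPLE_EMGR='ID  STATE LABEL      INSTALL TIME      UPDATED BY ABSTRACT
=== ===== ========== ================= ========== ======================================
1    S    3013sa     08/22/24 15:26:00            ifix for openssl july CVEs'

# Print the OpenSSL version token from a Server header, e.g. 1.1.1y.
banner_openssl() {
    printf '%s\n' "$1" | sed -n 's/.*OpenSSL\/\([0-9][0-9a-z.]*\).*/\1/p'
}

# Exit 0 if version $1 sorts before $2 in the 1.1.1 letter scheme
# (suffix order is "", a..z, za, zb, ...); 1 if not; 2 if the bases differ.
older_than() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        ba = a; sub(/[a-z]*$/, "", ba); sa = substr(a, length(ba) + 1)
        bb = b; sub(/[a-z]*$/, "", bb); sb = substr(b, length(bb) + 1)
        if (ba != bb) exit 2                      # different base: not compared here
        if (length(sa) != length(sb)) exit !(length(sa) < length(sb))
        exit !(sa < sb)
    }'
}

# Print the STATE column for ifix label $2 in `emgr -l` output $1.
ifix_state() {
    printf '%s\n' "$1" | awk -v l="$2" '$3 == l { print $2; exit }'
}

# Classify a version-string finding against the installed ifix.
#   $1 Server header, $2 emgr -l output, $3 fixed-in version, $4 ifix label
triage() {
    v=$(banner_openssl "$1")
    [ -n "$v" ] || { echo "no-openssl-in-banner"; return; }
    rc=0; older_than "$v" "$3" || rc=$?
    case "$rc" in
        1) echo "banner-at-or-above-fix"; return ;;
        2) echo "different-base-not-compared"; return ;;
    esac
    if [ "$(ifix_state "$2" "$4")" = "S" ]; then
        echo "banner-old-ifix-stable"   # S = STABLE in emgr
    else
        echo "banner-old-no-ifix"
    fi
}

# On a live host the inputs would come from `curl -sI <url>` and `emgr -l`.
triage "$SAMPLE_BANNER" "$SAMPLE_EMGR" 1.1.1za 3013sa
```

A result of `banner-old-ifix-stable` is the case post 5 describes: the finding is keyed to the banner string, and the ifix record is the evidence to attach when the scanner result is reviewed.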