Results 1 to 2 of 2

Thread: Apache2 2.22--10.12.1.i586 and CVE-2013-5704

  1. #1

    Default Apache2 2.22--10.12.1.i586 and CVE-2013-5704

    Hi

    At our systems we have installed apache2-2.22--10.12.1, which is vulnerable for CVE-2013-5704 (amongst others).

    As solution, according to nessus:

    Upgrade to Apache version 2.2.29 or later.

    This version isn't available in the standard updates repositories. Will this version become available or will there be no more updates for apache2-2.22 on opensuse 12.3?

    Thx for answers
    Hans

  2. #2

    Default Re: Apache2 2.22--10.12.1.i586 and CVE-2013-5704

    Quote Originally Posted by hscheffers View Post
    This version isn't available in the standard updates repositories. Will this version become available or will there be no more updates for apache2-2.22 on opensuse 12.3?
    Version numbers are not raised for the official updates, so there never will be an update to 2.2.29 in the official update repo.
    The 2.2.22 does have a lot of patches added to fix issues though so it isn't really 2.2.22, have a look at the pacakge changelog:
    Code:
    rpm -q --changelog apache2|less
    I don't see any particular mention of CVE-2013-5704 though, so you might want to file a bug report to get the fix added to the 12.3 package if necessary.

    But 12.3 is nearly end-of-life. According to https://en.opensuse.org/Lifetime it will be supported until Jan. 4th 2015, after that you'll not get any updates at all any more.
    So it might be time to consider upgrading to a newer version, 13.1 has been selected as the next Evergreen version for prolonged support btw.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •