View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000416 | AlmaLinux-9 | httpd | public | 2023-07-29 15:29 | 2023-08-15 16:29 |
| Reporter | rbrothers | Assigned To | alukoshko | ||
| Priority | normal | Severity | minor | Reproducibility | N/A |
| Status | assigned | Resolution | open | ||
| Summary | 0000416: httpd - patch for CVE-2023-27522 | ||||
| Description | This might be too soon to discuss something like this, and I understand if so. I've been waiting for Red Hat to patch CVE-2023-27522 in httpd in RHEL 9: https://bugzilla.redhat.com/show_bug.cgi?id=2176211 https://access.redhat.com/security/cve/cve-2023-27522 In theory with the recent announcement, would it be possible to patch this in AlmaLinux 9 even though it hasn't yet been patched in RHEL 9? I believe the apache patch is at: https://svn.apache.org/viewvc?view=revision&revision=r1908094 I'm thinking perhaps the reason Red Hat hasn't patched it yet is because Apache rated it as moderate, but NIST has rated it as high: https://nvd.nist.gov/vuln/detail/CVE-2023-27522 Thanks for your help. | ||||
| Tags | No tags attached. | ||||
|
|
Hi! It's not too soon, it's just the right time ) We're going to implement Testing repo for such packages that are requested by community / patched by us and not exactly 1:1 RHEL, so community will be able to check them before release to stable repos. And we can start with CVE-2023-27522. Are you ready to help with testing? |
|
|
That would be great. Yes, I'd be happy to help test. Thanks. |
|
|
OK, testing repo is not ready yes so here is the build: https://build.almalinux.org/build/7051 To add it to your system please do: curl https://build.almalinux.org/pulp/content/builds/AlmaLinux-9-x86_64-7051-br/config.repo -o /etc/yum.repos.d/almalinux-cve-2023-27522.repo Then update and check how it works. |
|
|
Thanks so much for the quick update. It worked great. Sorry for the delay - for some reason, I didn't get an email when you added your comment. |
|
|
I saw the package come through in the new testing repo too. All looks good from what I can see. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2023-07-29 15:29 | rbrothers | New Issue | |
| 2023-08-01 11:18 | alukoshko | Assigned To | => alukoshko |
| 2023-08-01 11:18 | alukoshko | Status | new => acknowledged |
| 2023-08-01 11:27 | alukoshko | Note Added: 0000938 | |
| 2023-08-01 13:38 | rbrothers | Note Added: 0000939 | |
| 2023-08-01 15:06 | alukoshko | Note Added: 0000940 | |
| 2023-08-04 03:25 | rbrothers | Note Added: 0000950 | |
| 2023-08-15 11:28 | alukoshko | Status | acknowledged => feedback |
| 2023-08-15 16:29 | rbrothers | Note Added: 0000958 | |
| 2023-08-15 16:29 | rbrothers | Status | feedback => assigned |
