View Issue Details

IDProjectCategoryView StatusLast Update
0000416AlmaLinux-9httpdpublic2023-08-15 16:29
Reporterrbrothers Assigned Toalukoshko  
Status assignedResolutionopen 
Summary0000416: httpd - patch for CVE-2023-27522
DescriptionThis might be too soon to discuss something like this, and I understand if so.

I've been waiting for Red Hat to patch CVE-2023-27522 in httpd in RHEL 9:

In theory with the recent announcement, would it be possible to patch this in AlmaLinux 9 even though it hasn't yet been patched in RHEL 9?

I believe the apache patch is at:

I'm thinking perhaps the reason Red Hat hasn't patched it yet is because Apache rated it as moderate, but NIST has rated it as high:

Thanks for your help.
TagsNo tags attached.



2023-08-01 11:27

administrator   ~0000938

Hi! It's not too soon, it's just the right time )
We're going to implement Testing repo for such packages that are requested by community / patched by us and not exactly 1:1 RHEL, so community will be able to check them before release to stable repos.
And we can start with CVE-2023-27522. Are you ready to help with testing?


2023-08-01 13:38

reporter   ~0000939

That would be great. Yes, I'd be happy to help test. Thanks.


2023-08-01 15:06

administrator   ~0000940

OK, testing repo is not ready yes so here is the build:

To add it to your system please do:
curl -o /etc/yum.repos.d/almalinux-cve-2023-27522.repo

Then update and check how it works.


2023-08-04 03:25

reporter   ~0000950

Thanks so much for the quick update. It worked great. Sorry for the delay - for some reason, I didn't get an email when you added your comment.


2023-08-15 16:29

reporter   ~0000958

I saw the package come through in the new testing repo too. All looks good from what I can see.

Issue History

Date Modified Username Field Change
2023-07-29 15:29 rbrothers New Issue
2023-08-01 11:18 alukoshko Assigned To => alukoshko
2023-08-01 11:18 alukoshko Status new => acknowledged
2023-08-01 11:27 alukoshko Note Added: 0000938
2023-08-01 13:38 rbrothers Note Added: 0000939
2023-08-01 15:06 alukoshko Note Added: 0000940
2023-08-04 03:25 rbrothers Note Added: 0000950
2023-08-15 11:28 alukoshko Status acknowledged => feedback
2023-08-15 16:29 rbrothers Note Added: 0000958
2023-08-15 16:29 rbrothers Status feedback => assigned