Vulnerabilities of Apache and OpenSSL in Rocky 8.6

Hi Support,

I found that there are several vulnerabilities for Apache and OpenSSL in Rocky 8.6 by a third-party vulnerability scanning system as follows:-

For Apache:-
CVE-2019-0217
CVE-2019-0220
CVE-2019-10092
CVE-2019-10098
CVE-2020-1934
CVE-2022-22721
CVE-2022-26377
CVE-2022-28614
CVE-2022-28615
CVE-2022-31813

For OpenSSL:-
CVE-2023-0215

And, I checked the exact installed version of Apache2 and OpenSSL by using “dnf list installed” as follows:-

httpd.x86_64 2.4.37-47.module+el8.6.0+985+b8ff6398.2
openssl.x86_64 1:1.1.1k-7.el8_6

I would like to know where to find the change log for both Apache (2.4.37-47.module+el8.6.0+985+b8ff6398.2) and OpenSSL (1:1.1.1k-7.el8_6) so that I can confirm whether the above CVEs can be solved or not?

Many thanks

The change log can be found by running rpm -q httpd --changelog and rpm -q openssl --changelog.

8.6 is no longer in support. You are recommended to do a full update by running dnf update to get to Rocky Linux 8.8. Doing so will resolve most security issues.

In the event the security scanner points out CVEs, I encourage you to:

  • check the change log with the commands above
  • attempt to find each CVE, and in the event you cannot, search for them here and see if it affects you or not
  • review how backports work in Enterprise Linux here.
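
The changelog check described in the reply above, as an added example that is not part of the original post: it looks for each scanner-reported CVE ID in the output of rpm -q <package> --changelog. The function names, the script name check_cves.sh and the sample changelog with its CVE-0000-* placeholder IDs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which scanner-reported CVE IDs does a package changelog mention?

# check_cves CHANGELOG_FILE CVE_ID...
# Prints one "<id> listed" / "<id> NOT listed" line per ID.
# Returns 1 if any ID is absent from the changelog, else 0.
check_cves() {
    cc_file=$1; shift
    cc_missing=0
    for cc_id in "$@"; do
        # -F: literal string, -w: whole word, so a truncated ID cannot
        # match a longer one (CVE-2019-1009 vs CVE-2019-10092).
        if grep -qwF -e "$cc_id" "$cc_file"; then
            printf '%s listed\n' "$cc_id"
        else
            printf '%s NOT listed\n' "$cc_id"
            cc_missing=1
        fi
    done
    return "$cc_missing"
}

# Constructed sample in the layout of `rpm -q --changelog` output.
# The packager, bug numbers and CVE-0000-* IDs are placeholders.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2024 Example Packager <packager@example.invalid> - 0.0.0-1
- Resolves: #0000000 - CVE-0000-0001 example: placeholder entry
- Resolves: #0000001 - CVE-0000-0002 example: placeholder entry
EOF
}

cc_tmp=$(mktemp)
if [ "$#" -ge 2 ]; then
    # Real use on the host: sh check_cves.sh httpd CVE-2019-0217 CVE-2022-22721
    cc_pkg=$1; shift
    rpm -q "$cc_pkg" --changelog > "$cc_tmp" && check_cves "$cc_tmp" "$@"
    cc_rc=$?
    rm -f "$cc_tmp"
    exit "$cc_rc"
fi
# No arguments: run against the constructed sample instead.
sample_changelog > "$cc_tmp"
check_cves "$cc_tmp" CVE-0000-0001 CVE-0000-0003 || true
rm -f "$cc_tmp"
```

An ID reported as NOT listed is the case the reply covers in its second bullet: look the CVE up and see whether it affects the package at all.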

Hi nazunalika,

Many thanks :smiley: