Issue
There are CVE vulnerabilities that should be patched. How can we ensure that they are patched on our system, and prove it to our external customer?
Environment
- TuxCare ELS
Solution
As you can see it in ELS CVE tracking system, the following package versions contain the fix:

and to get more details, click on the CVE of the needed OS version (in our example it's CentOS 8.5 ELS):

then navigate to the needed ERRATA link:

And there you will see the exact package version containing the fix and how to install it:
https://cve.tuxcare.com/els/releases/CLSA-2024:1724351427


To check the package version on the server, use this command:
# rpm -qa | grep httpd httpd-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.x86_64 httpd-filesystem-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.noarch centos-logos-httpd-85.8-2.el8.noarch httpd-tools-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.x86_64
as you can see it, the package is httpd-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.x86_64, and to check if it has CVE patches, you can use RPM changelog:
[root@localhost ~]# rpm -q --changelog httpd-2.4.37-43.module_el8.5.0+2210+0ce89f10.tuxcare.els14.x86_64 | grep CVE-2024-38475 - CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first
Comments
0 comments
Please sign in to leave a comment.