Bug 2099897

Summary: Can it be updated 2.4.54 to fix CISE HIGH vulnerability reports?
Product: [Fedora] Fedora Reporter: Michael Glass <michael.glass>
Component: httpdAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 35CC: anon.amish, jkaluza, jorton, luhliari, mturk, sid
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: httpd-2.4.54-3.fc36 httpd-2.4.54-1.fc35 Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-07-01 01:07:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael Glass 2022-06-21 22:20:13 UTC 
Description of problem:  CISE vulnerability scans report that Apache web server (package httpd) versions 2.4.53 and below have HIGH vulnerability. 

2.4.53 is the current version in Fedora 35 and 36.

Version 2.4.54 was released on June 8, as near as I can tell.

Is there an update in the works for the Fedora versions currently in support?
Comment 1 Fedora Update System 2022-06-27 10:47:44 UTC 
FEDORA-2022-b54a8dee29 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-b54a8dee29
Comment 2 Fedora Update System 2022-06-27 10:53:50 UTC 
FEDORA-2022-e620fb15d5 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-e620fb15d5
Comment 3 Fedora Update System 2022-06-28 01:09:46 UTC 
FEDORA-2022-e620fb15d5 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-e620fb15d5`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-e620fb15d5

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 4 Fedora Update System 2022-06-28 01:17:32 UTC 
FEDORA-2022-b54a8dee29 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-b54a8dee29`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-b54a8dee29

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Fedora Update System 2022-07-01 01:07:25 UTC 
FEDORA-2022-e620fb15d5 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 6 Fedora Update System 2022-07-06 01:53:38 UTC 
FEDORA-2022-b54a8dee29 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.