Bug 2039437 - F34 left vulerable to CVE-2021-44790 and CVE-2021-44224
Summary: F34 left vulerable to CVE-2021-44790 and CVE-2021-44224
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: httpd
Version: 34
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Luboš Uhliarik
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-01-11 17:49 UTC by Jason Tibbitts
Modified: 2022-03-26 15:24 UTC (History)
7 users (show)

Fixed In Version: httpd-2.4.53-1.fc35 httpd-2.4.53-1.fc34 httpd-2.4.53-1.fc36
Doc Type: ---
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-22 03:41:49 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Jason Tibbitts 2022-01-11 17:49:41 UTC 
Recently F35 and rawhide were updated to httpd 2.4.52 to fix two security vulnerabilities, but F34 was not updated or patched in any way.  I commented on one of the security tracking tickets but I doubt anyone would notice because those tickets have all been closed, so I've opened a separate ticket just to make sure that it's visible.

Was F34 intentionally left at the older version?
Comment 1 Fedora Update System 2022-03-17 16:59:36 UTC 
FEDORA-2022-b4103753e9 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-b4103753e9
Comment 2 Fedora Update System 2022-03-17 16:59:37 UTC 
FEDORA-2022-78e3211c55 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-78e3211c55
Comment 3 Fedora Update System 2022-03-17 16:59:40 UTC 
FEDORA-2022-21264ec6db has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2022-21264ec6db
Comment 4 Fedora Update System 2022-03-18 15:53:03 UTC 
FEDORA-2022-78e3211c55 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-78e3211c55`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-78e3211c55

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 5 Fedora Update System 2022-03-18 19:32:51 UTC 
FEDORA-2022-21264ec6db has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-21264ec6db`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-21264ec6db

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 Fedora Update System 2022-03-18 20:07:58 UTC 
FEDORA-2022-b4103753e9 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-b4103753e9`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-b4103753e9

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Fedora Update System 2022-03-22 03:41:49 UTC 
FEDORA-2022-b4103753e9 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 8 Fedora Update System 2022-03-25 22:05:07 UTC 
FEDORA-2022-21264ec6db has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 9 Fedora Update System 2022-03-26 15:24:30 UTC 
FEDORA-2022-78e3211c55 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.