Apache 2.0.51 security updates in IHS ? - Websphere

This is a discussion on Apache 2.0.51 security updates in IHS ? - Websphere ; Can someone tell me which IHS fixpack/version includes the Apache 2.0.51 security updates ?...

+ Reply to Thread
Results 1 to 9 of 9

Thread: Apache 2.0.51 security updates in IHS ?

  1. Apache 2.0.51 security updates in IHS ?

    Can someone tell me which IHS fixpack/version includes the Apache 2.0.51 security updates ?

  2. Re: Apache 2.0.51 security updates in IHS ?

    I assume you are asking this question after running some kind of scan. Have
    you installed IHS 2.0.47 with the latest cumulative fix? For fixes see:
    http://www-1.ibm.com/support/docview...g27005198#2047

    Sunit


    wrote in message
    news:1648803402.1169129982583.JavaMail.wassrvr@lts gwas009.sby.ibm.com...
    > Can someone tell me which IHS fixpack/version includes the Apache 2.0.51
    > security updates ?




  3. Re: Apache 2.0.51 security updates in IHS ?

    As per the link I posted earlier the latest for 6.1 is 6.1.0.5 (released on
    Jan 15, 2007). I am not sure that the base for that is 2.0.51 or not.
    http://www-1.ibm.com/support/docview...swg27005198#61

    Sunit

    wrote in message
    news:876434933.1169138358795.JavaMail.wassrvr@ltsg was010.sby.ibm.com...
    > Thanks for the quick response. We are using IHS 6.1. As per the Apache -V
    > command, it is based on Apache 2.0.47. We are looking for the security
    > fixes in Apache 2.0.51. Which IHS version/fixpack includes those ?
    > Much appreciated....
    >




  4. Re: Apache 2.0.51 security updates in IHS ?

    Thanks for the quick response. We are using IHS 6.1. As per the Apache -V command, it is based on Apache 2.0.47. We are looking for the security fixes in Apache 2.0.51. Which IHS version/fixpack includes those ?
    Much appreciated....


  5. Re: Apache 2.0.51 security updates in IHS ?

    If you ran apache -V on IHS 6.1, you should have seen a list
    of exactly the security fixes included. Figuring out whether
    the ones in Apache 2.0.51 are in that list should not be hard,
    though I haven't tried it.

    Dan

    writes:

    > Thanks for the quick response. We are using IHS 6.1. As per the
    > Apache -V command, it is based on Apache 2.0.47. We are looking for
    > the security fixes in Apache 2.0.51. Which IHS version/fixpack
    > includes those ? Much appreciated....
    >

    --
    Dan Poirier

  6. Re: Apache 2.0.51 security updates in IHS ?

    Thank you ! Yes the Apache -V helped. Also, the \readme\CHANGES_HTTP file has details on the backported fixes from 2.0.51.

  7. Re: Apache 2.0.51 security updates in IHS ?

    Hello,

    I installed FP 13 and that's what I got:



    apache -V:



    Server version: IBM_HTTP_Server/6.1.0.13 Apache/2.0.47



    As per http://www-1.ibm.com/support/docview...27008517#61013

    the version of apache suppose to be upgraded.



    Isn't it please? Any actions I missed?

  8. Re: Apache 2.0.51 security updates in IHS ?

    ludmila.shenker@cgi.com wrote:
    > Hello,
    >
    > I installed FP 13 and that's what I got:
    >
    > apache -V:
    >
    > Server version: IBM_HTTP_Server/6.1.0.13 Apache/2.0.47
    >
    > As per http://www-1.ibm.com/support/docview...27008517#61013
    > the version of apache suppose to be upgraded.
    >
    > Isn't it please? Any actions I missed?


    The "Apache/2.0.47" doesn't change with maintenance, that's the last
    major level that IHS is "based on". It doesn't get incremented as
    patches are backported.

    If you're interested in a CVE, and the module is provided with IHS, look
    at the fix list or look for the CVE in the -V (capital) output once
    you've installed it.

    Watch out for CVEs that A) don't apply to Apache 2.0.x or B) are in
    modules not supplied by IBM -- they won't be in the list.

    --
    Eric Covener

  9. Re: Apache 2.0.51 security updates in IHS ?

    Thank you Eric!

+ Reply to Thread