
Running nagios appliance Affected Packages

Posted: Tue Feb 01, 2022 2:03 pm
by btayl
Running the nagiosxi appliance on CentOS 7 and have the following items from security. How can I check to see if the following had been patched?
R7-apache-httpd-cve-2021-26690
R7-apache-httpd-cve-2020-35452
R7-apache-httpd-cve-2020-35452
R7-apache-httpd-cve-2021-26690

Re: Running nagios appliance Affected Packages

Posted: Wed Feb 02, 2022 12:46 pm
by gsmith
Hi,

Take a look at the CVE, for example CVE-2021-26690:

Code:

low: mod_session NULL pointer dereference (CVE-2021-26690)
Apache HTTP Server versions 2.4.0 to 2.4.46
A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

Acknowledgements: This issue was discovered and reported by GHSL team member @antonio-morales (Antonio Morales)

Reported to security team	2021-02-08
Issue public	2021-06-01
Update 2.4.48 released	2021-06-01
Affects	2.4.46, 2.4.43, 2.4.41, 2.4.39, 2.4.38, 2.4.37, 2.4.35, 2.4.34, 2.4.33, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1, 2.4.0
It is under the heading "Fixed in Apache HTTP Server 2.4.48"


Now on your system run:
yum list installed httpd

Code:

[root@localhost tmp]# yum list installed httpd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: bay.uchicago.edu
 * extras: mirrors.lug.mtu.edu
 * updates: repo.ialab.dsu.edu
Installed Packages
httpd.x86_64                                                2.4.6-97.el7.centos.4                                                @updates
[root@localhost tmp]#

2.4.6-97 > 2.4.48 so you would be covered for this CVE

Thanks
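
A complementary check for the question in this thread, added here as an example and not part of any poster's reply: Red Hat-family distributions such as CentOS 7 backport security fixes into the packaged release without changing the upstream version number, so the package changelog is one place to look for a CVE id. The function names and the sample changelog (with placeholder CVE ids) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The sample changelog below is constructed
# and uses placeholder CVE ids; on the appliance, feed the real one instead:
#   rpm -q --changelog httpd | cve_in_changelog CVE-2021-26690 CVE-2020-35452

# cve_in_changelog CVE-ID... : reads changelog text on stdin and prints
# "<id> listed" or "<id> not-listed" for each id (whole-word, case-insensitive).
cve_in_changelog() {
    changelog=$(cat)
    for cve in "$@"; do
        if printf '%s\n' "$changelog" | grep -qiw -- "$cve"; then
            echo "$cve listed"
        else
            echo "$cve not-listed"
        fi
    done
}

# upstream_in_range VERSION LOW HIGH: succeeds when LOW <= VERSION <= HIGH
# under version ordering (GNU sort -V), e.g. the advisory's 2.4.0 to 2.4.46.
upstream_in_range() {
    mid=$(printf '%s\n%s\n%s\n' "$2" "$1" "$3" | sort -V | sed -n 2p)
    [ "$mid" = "$1" ]
}

# Constructed sample in rpm changelog layout (placeholder ids, not real data).
SAMPLE_CHANGELOG='* Mon Jan 01 2024 Example Packager <pkg@example.invalid> - 0.0.0-2
- Resolves: #0000001 - CVE-0000-00001 example backported fix
* Sun Dec 31 2023 Example Packager <pkg@example.invalid> - 0.0.0-1
- unrelated packaging change'

printf '%s\n' "$SAMPLE_CHANGELOG" | cve_in_changelog CVE-0000-00001 CVE-0000-00002

# The upstream part of the package version in the thread's yum output is 2.4.6.
if upstream_in_range 2.4.6 2.4.0 2.4.46; then
    echo "2.4.6 is inside the advisory's upstream range: look for a backported fix"
fi
```

A CVE id that is missing from the changelog does not by itself say whether the package is affected; the distribution's security advisory for that CVE is the authority.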

Re: Running nagios appliance Affected Packages

Posted: Wed Feb 02, 2022 3:46 pm
by btayl
Thanks