• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Issue Apache CVE-2021-44224 / 44790

simon jiang said:
Apache has released new vulnerabilities and patched versions. Does this vulnerability affect Plesk?
If so, when will the Plesk update package be released?
Click to expand...
This is an OS problem, not a Plesk problem.

In our case, Ubuntu will backport the fixes to the Apache release that they used for each of their OS releases, but in due course...
They haven't done that yet (at the time of this post) but they will / normally always do

CVE-2021-44224 | Ubuntu

Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
ubuntu.com ubuntu.com

CVE-2021-44790 | Ubuntu

Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
ubuntu.com ubuntu.com

So, you'll need to follow this up with whichever OS you're using.
 
learning_curve said:
This is an OS problem, not a Plesk problem.

In our case, Ubuntu will backport the fixes to the Apache release that they used for each of their OS releases, but in due course...
They haven't done that yet (at the time of this post) but they will / normally always do

CVE-2021-44224 | Ubuntu

Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
ubuntu.com ubuntu.com

CVE-2021-44790 | Ubuntu

Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
ubuntu.com ubuntu.com

So, you'll need to follow this up with whichever OS you're using.
Click to expand...

Sorry, I would like to ask you again, my OS is CentOS: 7.7.1908
Apache/2.4.6 (CentOS)

Is there a way to upgrade to Apache 2.4.52?
 
simon jiang said:
~~ my OS is CentOS: 7.7.1908 Apache/2.4.6 (CentOS)

Is there a way to upgrade to Apache 2.4.52?
Click to expand...
As stated previously and confirmed in our forum sig, we use Ubuntu for OS, we don't use CentOS, so we can't answer this question sorry.
Plesk supports Apache 2.4 as stated here: Software Requirements for Plesk Onyx
However, your actual question... is about Apache 2.4 updates, when using CentOS as the OS on your server.
Other Plesk users who also use CentOS might post an answer here, but you should really follow this up on CentOS forums first of all.
 
Redhat (the upstream of CentOS 7) backports security vulnerabilities to their packages, but the software version will not change:
www.redhat.com

What is backporting, and how does it apply to RHEL and other Red Hat products?

Version numbers are important, but aren't always what they seem at first glance. Red Hat, for example, often backports updates to the software we ship in Red Hat Enterprise Linux (RHEL) to maintain the version that we shipped.
www.redhat.com www.redhat.com

Regarding CVE-2021-44224, please see here:

So to summarize: Apache httpd that comes with CentOS 7 is not affected.
 
Monty said:
Redhat (the upstream of CentOS 7) backports security vulnerabilities to their packages, but the software version will not change:
www.redhat.com

What is backporting, and how does it apply to RHEL and other Red Hat products?

Version numbers are important, but aren't always what they seem at first glance. Red Hat, for example, often backports updates to the software we ship in Red Hat Enterprise Linux (RHEL) to maintain the version that we shipped.
www.redhat.com www.redhat.com

Regarding CVE-2021-44224, please see here:

So to summarize: Apache httpd that comes with CentOS 7 is not affected.
Click to expand...

Thank you for your reply, sorry for the trip last week, I will continue to look for answers, and I will share with you new information. thank you all.
 
You must log in or register to reply here.

Similar threads

D
Question vulnerability CVE-2021-21708 - PHP Code Execution
Replies
1
Views
1K
IgorG
IgorG
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
809
Lenny
Lenny
G
Resolved The repository does not have a Release file
Replies
4
Views
9K
Goodfred
G
A
Issue 500 internal server error
Replies
6
Views
2K
adv1453
A
S
Resolved Apt/PUM update on Ubuntu 16.04 failing with missing PHP 7.3 Release file
Replies
8
Views
7K
mow
M
Back
Top