On 08.12.18 16:22, Snyder, Alexander wrote:
> That's what I'm asking. We're considering updating Spacewalk, if the httpd version is greater than minor version 29, if not we can upgrade just httpd alone with the rpm package.

Again: httpd is not "bundled" with spacewalk. I've just checked the
dependencies of the spacewalk 2.7 and spacewalk 2.8 installation on
CentOS 7: there is only a dependency with httpd not with httpd24-httpd
from the sclo repo.

There is also no dependency to any specific httpd version, thus if you
install spacewalk 2.7 or spacewalk 2.8 on a new CentOS 7.6 server it
will install httpd version 2.4.6-88.el7.centos as part of the dependencies.

If you use httpd24-httpd from the sclo repository you must have manually
installed it. If there is no update available you must have manually
removed the repository. Otherwise it should automatically update
httpd24-httpd to the latest version as part of a normal "yum update" of
your base system.

Upgrading to spacewalk 2.8 won't change the httpd version. The spacewalk
installation does not depend on a specific httpd version nor is there
any httpd rpm in the spacewalk repositories.

So why did you install httpd from the sclo repository instead of the
standard base repository to begin with?

-Gerald

>
> Are there any known bugs with httpd 2.4.34 and SW 2.7?
>
> Thanks,
> Alexander
> Linux Systems Administrator
>
> Sent from my iPhone 8+
>
>> On Dec 7, 2018, at 11:49 PM, Robert Paschedag <***@web.de> wrote:
>>
>> Am 7. Dezember 2018 22:49:13 MEZ schrieb "Snyder, Alexander" <***@earlywarning.com>:
>>> I'm currently using Spacewalk 2.7, and it comes bundled with
>>> httpd24-httpd-2.4.27, which is affected by "CVE-2017-15715".
>>>
>>> I'm trying to find the httpd24-httpd version bundled with Spacewalk
>>> 2.80.
>>>
>>> Would it be suggested to upgrade to 2.8, or should upgrading with
>>> httpd24-httpd-2.4.34-7.el7.x86_64.rpm be sufficient.
>>>
>>> Any help on that is appreciated.
>>>
>>> Thank you.
>>>
>>> Alexander Snyder | Linux Systems Administrator
>>> Direct 480.426.2081
>>> After Hours: 480.656.6969
>>> Email
>>> ***@earlywarning.com<mailto:***@earlywarning.com>
>>> www.earlywarning.com<http://www.earlywarning.com/>
>>> [cid:***@01D46A16.1B20B4A0]
>>> [cid:***@01D46A16.1B20B4A0]Please consider the environment
>>> before printing this message
>>> This email transmission may contain confidential and/or private
>>> information, which is the property of the sender. The information in
>>> this email or attachments thereto is intended for the attention and the
>>> use only of the addressee. If you are not the intended recipient, you
>>> are hereby notified that any disclosure, copying, or distribution of
>>> the contents of this email transmission, or the taking of any action in
>>> reliance thereon or pursuant thereto, is strictly prohibited. Should
>>> you have received this email in error, please contact the sender and
>>> delete and destroy all copies of the original message.
>>
>> Why not just update httpd?
>> --
>> sent from my mobile device
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-***@redhat.com
> https://www.redhat.com/mailman/listinfo/spacewalk-list
>