apache updates
Alexander Dalloz
ad+lists at uni-x.org
Thu Jun 9 18:31:17 UTC 2005
Am Do, den 09.06.2005 schrieb Michael E. Webster um 20:04:
> I'm currently running FC3 with Apache 2.0.52 on about 20 servers.
> Several different security
> scan programs are showing two vulnerabilities and want me to 'upgrade
> apache' to the latest
> and greatest version (2.0.54) but I'm not having any luck finding it
> in any repositories. I can
> force install the new rpm, but I don't want to break anything.
Would be good if you had mentioned the CAN numbers of the
vulnerabilities you get noted about (CVE CAN-2004-0942 and
CAN-2004-0885? they are fixed in httpd-2.0.52-3.1). You can check
against "rpm -q --changelog httpd | less" output.
> I suppose my first question is if anyone knows of a repository where I
> can use apt or yum to
> grab apache 2.0.54.
As soon as FC4 is released I guess Joe Orton will have time to release
an update for FC3 if things are to be fixed.
> My second question would be if / when apache 2.0.54 will be added to
> major repositories such
> as freshrpms and others.
From my point of view third party repositories should not exchange Core
packages, though some do like Dag's or ATrpms. But I see none which has
a self build httpd (Apache2).
> Third, will manually installing 2.0.54 break dependencies for my
> current apt / yum configuration?
It will have effects to your update tool setup as you will have to care
for avoiding conflicts. If you compile from sources and thus you will
have to care for security updates yourself, well, you then have a big
job doing so for 20 hosts. So always better to use RPMs. But again,
which security issues are they you claim to need fixes?
> Mike
Alexander
P.S. http://www-personal.ksu.edu/~seabra/linux/FedoraRules.html
-> NO HTML MAIL, PLEASE
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp
Serendipity 20:17:14 up 16 days, 18:54, load average: 0.44, 0.28, 0.10
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050609/c753ff13/attachment-0001.sig>
More information about the fedora-list
mailing list