[rhn-users] Apache Vulnerability

Jesse Becker jbecker at northwestern.edu
Thu Jun 8 20:14:04 UTC 2006


On Thu, Jun 08, 2006 at 02:13:49PM -0400, Vicki Boles wrote:
> I really need some help here....
> 
> My Linux guy is on vacation.....
> After running a security scan.....
> My Linux server running Red Hat Enterprise Linux ES Standard has a 
> vulnerability concerning Apache.
> Currently running version 2.0...... download version 2.2 from the Apache 
> website.... the file has a *tar* extension....


You might want to step back a second, and not do anything hasty.

What vulnerability, *specifically*, do you think affects you?  Red Hat will
frequently "backport" fixes in major programs (like Apache), to an "older
release."  Your security scan should have a note about a CVE number, such as
"CVE CAN-2003-0542"  (that's an old one from 2003).

Once you have the vulnerability ID, check to see if Red Hat has fixed it in
their "current" 2.0 version of Apache.  If they have fixed it in a recent
release of an Apache RPM, then you should be safe from this particular attack.

Now, it may well be that you have to install Apache 2.2.  This will probably
break a number of things (as mentioned elsewhere in the thread), since all of
the .RPM packages with modules are associated with the 2.0 package.  If you
still want to build an RPM, then try this command:

	rpmbuild -ta httpd-2.2.2.tar.gz

(obviously, use the actual file you downloaded)


-- 
Jesse Becker
GPG-fingerprint: BD00 7AA4 4483 AFCC 82D0  2720 0083 0931 9A2B 06A2
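
One way to run the check described in the message above, as an added example that is not part of the original post: search the package changelog for the scanner's ID, treating the older CAN- form and the CVE- form as the same number. The function names and the sample changelog are constructed for illustration, and it assumes the vendor names the ID in the RPM changelog.

```shell
#!/bin/sh
# Added example. Real use on the server (httpd is Red Hat's Apache package):
#   rpm -q --changelog httpd | cve_in_changelog CAN-2003-0542

# Reduce an ID to "YYYY-NNNN" so the old candidate form (CAN-2003-0542) and
# the final form (CVE-2003-0542) are treated as the same vulnerability.
cve_number() {
    printf '%s\n' "$1" | tr 'a-z' 'A-Z' |
        sed -n -E 's/^(CVE )?(CVE|CAN)-([0-9]{4}-[0-9]{4,})$/\3/p'
}

# Read RPM changelog text on stdin. Print each entry header plus the line
# that names the ID. Returns 0 = mentioned, 1 = not mentioned, 2 = bad ID.
cve_in_changelog() {
    num=$(cve_number "$1")
    [ -n "$num" ] || { echo "not a CVE/CAN id: $1" >&2; return 2; }
    awk -v pat="(CVE|CAN)-${num}([^0-9]|\$)" '
        /^\* /            { entry = $0 }   # header: date, packager, release
        toupper($0) ~ pat { print entry; print "    " $0; found = 1 }
        END               { exit(found ? 0 : 1) }
    '
}

# Constructed sample changelog (not real Red Hat data).
SAMPLE_CHANGELOG='* Mon Jan 03 2005 Example Packager <pkg@example.com> 2.0.0-2.example
- add security fix for CVE-2004-0000

* Mon Dec 01 2003 Example Packager <pkg@example.com> 2.0.0-1.example
- add security fixes for CAN-2003-0542'

printf '%s\n' "$SAMPLE_CHANGELOG" | cve_in_changelog "CVE CAN-2003-0542"
```

A return status of 1 only means the changelog does not name the ID; the vendor's advisory for that CVE is still the authoritative answer.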