upgrade centos apache to httpd-2.2.23
Solution 1
Back up your Apache config files, uninstall httpd, httpd-devel and any other httpd package, then you can manually download RPMs from here.
And install it with yum or rpm.
yum localinstall pkg_name
rpm -ivh pkg_name
Hope this helps!
Solution 2
You have nothing to do to your server.
You do need to provide this information to your PCI compliance auditor.
Solution 3
Don't change anything.
Red Hat (and by extension, CentOS) gets security fixes backported from newer versions, instead of upgrading to newer versions wholesale and potentially introducing compatibility problems.
In this case, there's no backport because the packaged version is not vulnerable. See here; this result from the scan is a false positive.
Raw version number matching for vulnerability checking is often inaccurate; consider changing to ServerTokens Prod.
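To illustrate the point in Solution 3 about version matching versus backports, here is an added example (not part of any answer on this page). The banner, the changelog text and the CVE-0000-0001 id are constructed placeholders, and the function names are hypothetical; on a real host the changelog comes from `rpm -q --changelog httpd`.

```python
import re

# Constructed sample in the layout printed by `rpm -q --changelog httpd`.
# CVE-0000-0001 is a placeholder id, not a real advisory.
SAMPLE_CHANGELOG = """\
* Mon Jan 02 2012 Example Packager <packager@example.com> - 2.2.15-15
- add security fix for CVE-0000-0001 (constructed entry)

* Tue Nov 01 2011 Example Packager <packager@example.com> - 2.2.15-14
- mod_ssl: fix a configuration parsing bug (constructed entry)
"""

def parse_version(text):
    """Return the dotted version in a Server banner as a tuple, or None if absent."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def naive_scanner_verdict(banner, fixed_upstream):
    """Banner matching only: anything older than the upstream fix is flagged."""
    seen = parse_version(banner)
    return seen is not None and seen < parse_version(fixed_upstream)

def changelog_cves(changelog):
    """Map each CVE id in the changelog to the newest package release citing it."""
    found, release = {}, None
    for line in changelog.splitlines():
        if line.startswith("* "):
            release = line.rsplit(" ", 1)[-1]  # header ends with version-release
        else:
            for cve in re.findall(r"CVE-\d{4}-\d{4,}", line, re.I):
                found.setdefault(cve.upper(), release)
    return found

def triage(cve, banner, fixed_upstream, changelog):
    """Weigh a scanner finding against package evidence before acting on it."""
    if parse_version(banner) is None:
        return "banner carries no version (ServerTokens Prod)"
    if not naive_scanner_verdict(banner, fixed_upstream):
        return "banner at or above fixed version"
    release = changelog_cves(changelog).get(cve.upper())
    if release:
        return f"fix backported in {release}"
    return "no backport listed: check the vendor's CVE statement"

if __name__ == "__main__":
    banner = "Apache/2.2.15 (CentOS)"  # constructed banner
    for cve in ("CVE-0000-0001", "CVE-2012-0883"):
        print(cve, "->", triage(cve, banner, "2.2.23", SAMPLE_CHANGELOG))
```

The last outcome is the case Solution 3 describes: an absent changelog entry does not prove exposure, so the vendor's statement for that CVE is the evidence to hand to the auditor.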
Tim Duncklee
Updated on September 18, 2022
Comments
-
Tim Duncklee over 1 year
A security vulnerability was found in Apache in April 2012 that is a PCI compliance issue: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0883
I have always kept my servers (CentOS) up to date with yum. I've been unable to find a repo with httpd-2.2.23 (currently running 2.2.22). It's been a really long time since I've built anything from source so I'm not thrilled about doing it but will if needed.
My question is, how do I go about this and NOT break the yum update process?
TD
-
Admin over 11 years
The link to pkgs.org is actually a link to an rpm at centos.alt.ru. I'm leery of anything @ .ru; additionally, the site is non-responsive. Anywhere else to find the rpm?
-
alan978 over 11 years
You can try to follow the instructions from here: httpd.apache.org/docs/2.4/platform/rpm.html. Other options are to compile it yourself or wait for an update.
-
Michael Hampton over 11 years
If you aren't running the Apache that came with CentOS, why does your question imply that you are? You should be specific about the environment if you want an answer that's appropriate to you.
-
Tim Duncklee over 11 years
Michael, I apologize. I assumed the version number would indicate that I was not running "stock" versions. I will do my best to be clearer from now on. Thx. TD