Upgrade CentOS Apache to httpd-2.2.23

5,059

Solution 1

Back up your Apache config files, uninstall httpd, httpd-devel and any other httpd package, then you can manually download RPMs from here.

And install it with yum or rpm.

yum localinstall pkg_name
rpm -ivh pkg_name

Hope this helps!

Solution 2

You have nothing to do to your server.

According to Red Hat, the versions of Apache shipped with RHEL (and by extension, CentOS) are not vulnerable to this attack.

You do need to provide this information to your PCI compliance auditor.

Solution 3

Don't change anything.

Red Hat (and by extension, CentOS) gets security fixes backported from newer versions, instead of upgrading to newer versions wholesale and potentially introducing compatibility problems.

In this case, there's no backport because the packaged version is not vulnerable. See here; this result from the scan is a false positive.

Raw version number matching for vulnerability checking is often inaccurate; consider changing to ServerTokens Prod.
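Added example (not part of the answer above and not Red Hat tooling): a shell triage of a version-based scanner finding, showing why a banner match alone does not establish exposure and what ServerTokens Prod removes from the banner. The function names, the sample banner and the sample changelog are constructed for illustration; the fixed-in version 2.2.23 and the CVE ID are taken from the question.

```shell
#!/usr/bin/env bash
# Constructed sample data (not taken from a real host).
SAMPLE_BANNER='Server: Apache/2.2.22 (CentOS)'
SAMPLE_CHANGELOG='* Mon Jan 02 2012 Example Packager <pkg@example.invalid> - 2.2.22-1.example
- add security fix for CVE-0000-0001 (constructed entry)'

# Extract the version a remote scanner reads from the Server: header.
# Prints nothing when the banner carries no version (ServerTokens Prod).
banner_version() {
  printf '%s\n' "$1" | sed -n 's|^Server: Apache/\([0-9][0-9.]*\).*|\1|p'
}

# Succeeds when version $1 sorts strictly before version $2.
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# triage BANNER FIXED_IN CVE CHANGELOG_TEXT
# Classifies what a raw version match is worth on a distro that backports.
triage() {
  t_seen=$(banner_version "$1")
  if [ -z "$t_seen" ]; then
    echo "no-version-in-banner"            # nothing for the scanner to match
  elif ! version_lt "$t_seen" "$2"; then
    echo "not-flagged"                     # banner is at or past the fix
  elif printf '%s\n' "$4" | grep -qF -- "$3"; then
    echo "flagged-but-backported"          # vendor changelog names the CVE
  else
    # No changelog entry: either unpatched or never affected. Only the
    # vendor's statement for the CVE can tell the two apart.
    echo "flagged-check-vendor-statement"
  fi
}

# On a live RPM-based host the inputs would come from, for example:
#   curl -sI http://localhost/ | grep '^Server:'
#   rpm -q --changelog httpd
triage "$SAMPLE_BANNER" 2.2.23 CVE-2012-0883 "$SAMPLE_CHANGELOG"
```

The last outcome is the situation this answer describes: the changelog has no entry for the CVE because the vendor says the package was never affected, so the evidence for the auditor is the vendor statement rather than a version number.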


Author: Tim Duncklee

Updated on September 18, 2022

Comments

  • Tim Duncklee
    Tim Duncklee over 1 year

    A security vulnerability was found in Apache in April 2012 that is a PCI compliance issue: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0883

    I have always kept my servers (CentOS) up to date with yum. I've been unable to find a repo with httpd-2.2.23 (currently running 2.2.22). It's been a really long time since I've built anything from source so I'm not thrilled about doing it but will if needed.

    My question is, how do I go about this and NOT break the yum update process?

    TD

  • Admin
    Admin over 11 years
    The link to pkgs.org is actually a link to an rpm at centos.alt.ru. I'm leery of anything @ .ru; additionally, the site is non-responsive. Anywhere else to find the rpm?
  • alan978
    alan978 over 11 years
    You can try to follow the instructions from here: httpd.apache.org/docs/2.4/platform/rpm.html. Other options are to compile it yourself or wait for an update.
  • Michael Hampton
    Michael Hampton over 11 years
    If you aren't running the Apache that came with CentOS, why does your question imply that you are? You should be specific about the environment if you want an answer that's appropriate to you.
  • Tim Duncklee
    Tim Duncklee over 11 years
    Michael, I apologize. I assumed the version number would indicate that I was not running "stock" versions. I will do my best to be clearer from now on. Thx. TD