Upgrading Apache (again)

[Hondy]

Hi

The latest version of Apache for release that I can see is 2.2.11, I'm running 2.2.8.

A scanner I use tells me there are some issues with the currently in use version.

Running a "yum update httpd" finds no new updates, I have read about backporting but it sounds a little hairy.

I realise that just because 2.2.11 is out that it doesn't mean CentOS/RHL deems it necessary. So how do I make sure my server has the latest security patches?

Thanks

 

[thedaver]

1) compare change notes from your distro's build of apache to the change notes from apache, look for gaps and evaluate

2) change distros to one that maintains apache to your degree of urgency

3) compile apache yourself from apache source

4) watch for any configuration changes that are recommended as part of the security/vulnerability posture. It's possible that some configuration work on your part can reduce the impact of known vulns




D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[Hondy]

2 sounds like the most sensible option for me I think.

Thanks

 

[RhythmAce]

Number 1 makes a lot of sense also. Any time there is an upgrade you should read the notes to see what that change is. Many times it has nothing to do with the version you are running. If it is a security update, make sure your distro hasn't already implemented it.