Are you all hardcore or what? :P
Just get the tarballs and compile? especially for apache. Apache has so many options that you will probably never need and is not one of the most secured packages out of the box.
As a security consultant I would recomend spending time to compile from sources over any for on binary instaal at any time of the day (NOOO please on calles after 11 pm during weekdays) and take a good look at your httpd.conf afterwards to disable anything that you dont need. It is a lot of work but it could save you more work afterwards filling in techreports to the right instances after (possible successfull) hack attempts
Every opinion i here express is my own. no right or flame wars should be derived form it. I will simple ignore them anyway hihi