LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 11-18-2004, 11:32 AM   #1
jon3k
Member
 
Registered: Jun 2003
Posts: 52

Rep: Reputation: 15
Apache - New Vulnerabilities (RH9)


I've got a redhat 9 box with a little problem:

[root@dhgweb root]# httpd -version
Server version: Apache/2.0.40

Which I believe to be vulnerable to the new apache bug:
http://www.cve.mitre.org/cgi-bin/cve...=CAN-2004-0942

I've got httpd installed via rpm, and I'd like to keep it that way, but I can't find an RPM for Redhat9 thats any newer than version 2.0.40.

What should I do?
 
Old 11-18-2004, 11:42 AM   #2
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Re: Apache - New Vulnerabilities (RH9)

Quote:
Originally posted by jon3k
What should I do?
Be a real man and compile from the source. Easy to do:
Code:
./configure --prefix=/var/www (or whatever your current home dir is) --enable-ssl --with-ssl=/path/to/your/openssl/files (e.g. /usr)
make
makeinstall
May need to create a few symlinks from old httpd files to new ones, but that's about it
 
Old 11-18-2004, 11:48 AM   #3
jon3k
Member
 
Registered: Jun 2003
Posts: 52

Original Poster
Rep: Reputation: 15
This box will be in production for another month, tops. I'm really trying not to expend any more effort than necessary to keep it alive until then. I'm perfectly capable of building it from source, I'd just rather not waste the time to end up throwing it in the dumpster a couple weeks from now.
 
Old 11-18-2004, 12:43 PM   #4
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Well, if you can't find an RPM and you don't want to compile from source, about all you can do is keep your backups current and your fingers crossed.....
 
Old 11-18-2004, 03:15 PM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
The only place I'm aware of that has RH9 updates past the End-of-Life date is http://fedoralegacy.org . They have a RPM repo that is current through 10/27/04, but they don't have the Apache DoS advisory listed yet. However there is a http rpm in the updates-testing repo that is dated from yesterday (11/17/4), but I'm not positive if that is patched against it.

Here's a link to their RH9 RPM rep:
http://download.fedoralegacy.org/redhat/9/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
WARN: Firefox Vulnerabilities Capt_Caveman Linux - Security 6 05-17-2005 01:59 AM
IE Vulnerabilities, why not in other browsers? mandrakemikael Linux - Security 3 09-28-2004 12:43 PM
WARN: Kerberos Vulnerabilities Capt_Caveman Linux - Security 0 09-01-2004 09:53 PM
sendmail vulnerabilities odious1 Linux - Security 5 11-17-2003 10:06 AM
More BIND vulnerabilities jeremy Linux - Security 0 01-31-2001 09:29 PM


All times are GMT -5. The time now is 01:02 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration