Apache

jon3k · 11-18-2004, 10:32 AM

I've got a redhat 9 box with a little problem:

[root@dhgweb root]# httpd -version
Server version: Apache/2.0.40

Which I believe to be vulnerable to the new apache bug:
http://www.cve.mitre.org/cgi-bin/cve...=CAN-2004-0942

I've got httpd installed via rpm, and I'd like to keep it that way, but I can't find an RPM for Redhat9 thats any newer than version 2.0.40.

What should I do?

TruckStuff · 11-18-2004, 10:42 AM

Quote:

Originally posted by jon3k
What should I do?

Be a real man and compile from the source.

Easy to do:

Code:

./configure --prefix=/var/www (or whatever your current home dir is) --enable-ssl --with-ssl=/path/to/your/openssl/files (e.g. /usr)
make
makeinstall

May need to create a few symlinks from old httpd files to new ones, but that's about it

jon3k · 11-18-2004, 10:48 AM

This box will be in production for another month, tops. I'm really trying not to expend any more effort than necessary to keep it alive until then. I'm perfectly capable of building it from source, I'd just rather not waste the time to end up throwing it in the dumpster a couple weeks from now.

Hangdog42 · 11-18-2004, 11:43 AM

Well, if you can't find an RPM and you don't want to compile from source, about all you can do is keep your backups current and your fingers crossed.....

Capt_Caveman · 11-18-2004, 02:15 PM

The only place I'm aware of that has RH9 updates past the End-of-Life date is http://fedoralegacy.org . They have a RPM repo that is current through 10/27/04, but they don't have the Apache DoS advisory listed yet. However there is a http rpm in the updates-testing repo that is dated from yesterday (11/17/4), but I'm not positive if that is patched against it.

Here's a link to their RH9 RPM rep:
http://download.fedoralegacy.org/redhat/9/