Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 11-18-2004, 10:32 AM   #1
Registered: Jun 2003
Posts: 52

Rep: Reputation: 15
Apache - New Vulnerabilities (RH9)

I've got a redhat 9 box with a little problem:

[root@dhgweb root]# httpd -version
Server version: Apache/2.0.40

Which I believe to be vulnerable to the new apache bug:

I've got httpd installed via rpm, and I'd like to keep it that way, but I can't find an RPM for Redhat9 thats any newer than version 2.0.40.

What should I do?
Old 11-18-2004, 10:42 AM   #2
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Re: Apache - New Vulnerabilities (RH9)

Originally posted by jon3k
What should I do?
Be a real man and compile from the source. Easy to do:
./configure --prefix=/var/www (or whatever your current home dir is) --enable-ssl --with-ssl=/path/to/your/openssl/files (e.g. /usr)
May need to create a few symlinks from old httpd files to new ones, but that's about it
Old 11-18-2004, 10:48 AM   #3
Registered: Jun 2003
Posts: 52

Original Poster
Rep: Reputation: 15
This box will be in production for another month, tops. I'm really trying not to expend any more effort than necessary to keep it alive until then. I'm perfectly capable of building it from source, I'd just rather not waste the time to end up throwing it in the dumpster a couple weeks from now.
Old 11-18-2004, 11:43 AM   #4
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Well, if you can't find an RPM and you don't want to compile from source, about all you can do is keep your backups current and your fingers crossed.....
Old 11-18-2004, 02:15 PM   #5
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
The only place I'm aware of that has RH9 updates past the End-of-Life date is . They have a RPM repo that is current through 10/27/04, but they don't have the Apache DoS advisory listed yet. However there is a http rpm in the updates-testing repo that is dated from yesterday (11/17/4), but I'm not positive if that is patched against it.

Here's a link to their RH9 RPM rep:


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
WARN: Firefox Vulnerabilities Capt_Caveman Linux - Security 6 05-17-2005 12:59 AM
IE Vulnerabilities, why not in other browsers? mandrakemikael Linux - Security 3 09-28-2004 11:43 AM
WARN: Kerberos Vulnerabilities Capt_Caveman Linux - Security 0 09-01-2004 08:53 PM
sendmail vulnerabilities odious1 Linux - Security 5 11-17-2003 09:06 AM
More BIND vulnerabilities jeremy Linux - Security 0 01-31-2001 08:29 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:14 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration