I scan a server using Nessus. In the report I have some holes like:
--------------------------------
The remote host is running a version of Apache2 which is older than 2.0.51.
It is reported that versions prior 2.0.51 are prone to a remote denial of
service issue. An attacker may issue a specific sequence of DAV LOCK commands
to crash the process. If Apache is configured to use threads, it may
completely crash the Apache process.
In addition to this, versions prior 2.0.51 are prone to a remote buffer
overflow when parsing an URI sent over IPv6. An attacker may use this flaw
to execute arbitrary code on the remote host or to deny service to legitimate
users.
See also :
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=31183
Solution : Upgrade to Apache 2.0.51
Risk factor : High
CVE : CVE-2004-0786, CVE-2004-0747, CVE-2004-0751, CVE-2004-0748, CVE-2004-0809
BID : 11185, 11187
Nessus ID : 14748
------------------------------------
The server is a Mandriva Corporate 3.0 and I made the security updates daily. My question is: This security updates solve the problem reported by Nessus scanner or I must download the last Apache version and install it on the server.