Apache 2.4.xx Updates

Discussion in 'General' started by Thane, Feb 21, 2019.

  1. Thane

    Thane New Member HowtoForge Supporter

    apt update isn't grabbing new Apache versions, the version 2.4.25 (installed during setup) has a lot of reported vulnerabilities. Is anyone else updating this some other way?
     
  2. nhybgtvfr

    nhybgtvfr Active Member

    you don't say what OS you're using.
    it's most likely just that 2.4.25 is the latest version in the repo.

    I'm running ubuntu 18.04, and using the ondrej apache2 repo (add-apt-repository ppa:eek:ndrej/apache2) which currently installs apache 2.4.38
     
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    The OS maintainers backport important security fixes, so the apache version may show some old, but to see if the security fixes are applied you have to check the change logs for your operating system. My quess is the vulnerabilities are fixed if you have installed the updated versions for your OS.
     
  4. Thane

    Thane New Member HowtoForge Supporter

    Thanks for the comments!
    I'm running Debian 9.8
    Thanks @Taleman for the idea, I cross checked the last few OS update changelogs against the Apache vulnerabilities list and indeed I did see the OS updates included patches for many of the vulnerabilities without updating Apache to a newer version (you were right!). I only checked the last 3 OS updates but it did show several of the vulnerabilities as being patched (I'm sure Debian fixed them all, lol), so that pretty much answers my question perfectly, also makes me feel safer :D
     

Share This Page