dpouliot
November 14th, 2012, 11:54 PM
Our vendor that runs the vulnerability scans just failed my server:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3192
according to them I need to upgrade to 2.2.20 ( currently, 2.2.14).
apt-get install -s apache2
says
apache2 is already the newest version.
I understand I should not deviate from package managers as they do a lot of testing to ensure that latest versions do not cause problems. I also understand that my Apache version number may not indicate additional patches that have been installed. I'll run another scan tonight, perhaps I updated my Apache since the failure and didn't pay close enough attention (since the version number doesn't change, that throws me).
Assuming it fails again, what are my options? I would rather not deviate from the package managers. Are there any devs here who can give me an idea when a newer version of Apache will become available to 10.04?
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3192
according to them I need to upgrade to 2.2.20 ( currently, 2.2.14).
apt-get install -s apache2
says
apache2 is already the newest version.
I understand I should not deviate from package managers as they do a lot of testing to ensure that latest versions do not cause problems. I also understand that my Apache version number may not indicate additional patches that have been installed. I'll run another scan tonight, perhaps I updated my Apache since the failure and didn't pay close enough attention (since the version number doesn't change, that throws me).
Assuming it fails again, what are my options? I would rather not deviate from the package managers. Are there any devs here who can give me an idea when a newer version of Apache will become available to 10.04?