Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: How to force Ubuntu to upgrade Apache to 2.2.17

  1. #11
    Join Date
    Oct 2011
    Beans
    3

    Re: How to force Ubuntu to upgrade Apache to 2.2.17

    Thanks Dangertux. I've been googling and that's what led me here. I'll search around for your previous posts. Cool blog btw. Interesting stuff.

  2. #12
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,769
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: How to force Ubuntu to upgrade Apache to 2.2.17

    Quote Originally Posted by DanielDan View Post
    Thanks Dangertux. I've been googling and that's what led me here. I'll search around for your previous posts. Cool blog btw. Interesting stuff.

    Thanks -- I'm glad you like it, I should really reblog the 3 majorly accepted workarounds since I always go looking for them but here is one that works as well.

    https://bechtsoudis.com/hacking/use-...apache-killer/

  3. #13
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    12,211
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: How to force Ubuntu to upgrade Apache to 2.2.17

    2.2.14-5ubuntu8.6 for Lucid contains the patch for the range exploit. If you've updated recently and have that version, you should be protected.

    I'm still using the "SetEnvIf Range" method that the Apache Foundation described while they were developing the patch. I don't stream video or other large files where byte ranges matter.

    See also http://www.ubuntu.com/usn/USN-1199-1/.

  4. #14
    Join Date
    Apr 2013
    Beans
    1

    Re: How to force Ubuntu to upgrade Apache to 2.2.17

    I love how nobody here has given anything resembling an answer to the original question as it was asked.

    If someone wants to upgrade Apache to 2.2.17, they probably have a specific reason for doing so. Saying "well just trick the scan site" into thinking it's a proper version isn't an answer. Saying that you shouldn't bother to upgrade Apache isn't an answer.

    This thread is a waste of time for anyone trying to upgrade Apache for whatever reason they want to.

  5. #15
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: How to force Ubuntu to upgrade Apache to 2.2.17

    Quote Originally Posted by mmazing View Post
    I love how nobody here has given anything resembling an answer to the original question as it was asked.

    If someone wants to upgrade Apache to 2.2.17, they probably have a specific reason for doing so. Saying "well just trick the scan site" into thinking it's a proper version isn't an answer. Saying that you shouldn't bother to upgrade Apache isn't an answer.

    This thread is a waste of time for anyone trying to upgrade Apache for whatever reason they want to.
    No suggestions on how to upgrade Apache then?

    The answer to the OP's question is here:

    Quote Originally Posted by Dangertux View Post
    Edit : wow this is an old thread and not even related to CVE-2011-3192. Ugh to the OP the correct answer is don't hire compliance auditors that only use automated scanning tools.
    That being said, the thread is from 2011 and was regarding Ubuntu 10.10, which is End of Life.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •