Folks,
Trying to solve some problems with a Trustwave security scan done on one of our servers. The server failed because of an apache issue, CVE-2019-0211.
The server uses just the ubuntu repositories and is currently on 2.4.29 - actual package 2.4.29-1ubuntu4.11
I checked the Ubuntu site and they report a backported fix in 2.4.29 in package 2.4.9-1ubunut4.6
So we should be good, trouble is the Trustwave scanner just looks at the version reported by Apache
and it wants to see at least 2.4.39
Now we can inhibit Apache from reporting version info, that would quiet the scan... I also know I can add another
repository and bring the system up to a current apache 2.4.41, but we like to keep things just on Ubuntu.
So.... I know this must be affecting other installations. Is there a way Ubuntu can just update the Apache version
to the latest from their distribution sites?
Thanks!
John
Bookmarks