Fix CVE-2009-0796 Ubuntu Hardy

Mark Walker asked:

I have a server running Ubuntu 8.04 which is currently PCI-DSS compliant.

The latest security scan has brought up issue CVE-2009-0796

This requires installing a version of libapache2-mod-perl2 (2.0.4-6ubuntu1) that is not available in the ubuntu hardy repositories.

What is the best solution for this without updating the base server version?

My answer:


If you aren’t running perl CGI scripts (most people don’t) then disable mod_perl entirely.

If you must have mod_perl installed, disable perl-status if you had it enabled.

If you weren’t using perl-status, this issue does not apply to your system.

Oh, and file a security bug in launchpad and ask why in the world they haven’t pushed a security update for hardy.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.