upgrade centos apache to httpd-2.2.23

Tim Duncklee asked:

A security vulnerability was found in Apache in April 2012 that is a PCI compliance issue:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0883

I have always kept my servers (CentOS) up to date with yum. I’ve been unable to find a repo with httpd-2.2.23 (currently running 2.2.22). It’s been a really long time since I’ve built anything from source so I’m not thrilled about doing it but will if needed.

My question is, how do I go about this and NOT break the yum update process?

TD

My answer:


You have nothing to do to your server.

According to Red Hat, the versions of Apache shipped with RHEL (and by extension, CentOS) are not vulnerable to this attack.

You do need to provide this information to your PCI compliance auditor.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.