
Our PCI scan alerted us to vulnerabilities in Apache 2.4.7. While these affect modules we aren't even using, in order to pass the scan I'd have to upgrade to 2.4.12. It seems that apt-get upgrade does not do this atm.

Consequently, I have a few questions:

Does anyone know if it is safe to do this with a PPA? I'd guess no.

Should I just wait until it is included in the existing Ubuntu repos?

Is there a way to find out if/when it will be included in the Ubuntu repos?

Kind of a novice question, because I'm a novice.

1 Answer


TL;DR Your questions cannot be answered definitively.

I do not think there will be any more major updates in Trusty, except security updates. To install version 2.4.10 you need at least Utopic. But even in Wily there is currently no version 2.4.12.


You can download and compile Apache HTTP Server 2.4.12 (httpd). That's more secure than adding a PPA and you do not have to wait for Ubuntu updates. A bumpy road, but passable. ;)

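# Work from the home directory
cd
# Download and unpack the 2.4.12 source tarball
wget http://apache.openmirror.de//httpd/httpd-2.4.12.tar.gz
tar xf httpd-2.4.12.tar.gz
cd httpd-2.4.12
# Configure and build (default install prefix is /usr/local/apache2)
./configure
make
# Installing into the default prefix needs root
sudo make install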

There would be a lot of missing dependencies in the configure step. These must be resolved before you can continue with make.

A.B.
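Added example, not part of the original answer: the tarball above is fetched over plain HTTP from a mirror, so it is worth checking it against a published checksum before running ./configure. The function name verify_tarball and the file names are assumptions, as is the availability of a SHA-256 checksum file for the release; fetch that file separately from the project's own site over HTTPS, not from the mirror.

```shell
#!/bin/sh
# Added example: verify a downloaded source tarball against a published
# SHA-256 checksum file before unpacking and building it.

# verify_tarball TARBALL CHECKSUM_FILE
# Returns 0 if the SHA-256 of TARBALL equals the first field of
# CHECKSUM_FILE, 1 on mismatch, 2 on missing or malformed input.
# Accepts "hash  name", "hash *name" and bare "hash" layouts.
verify_tarball() {
    tarball=$1
    sumfile=$2
    if [ ! -r "$tarball" ] || [ ! -r "$sumfile" ]; then
        echo "missing tarball or checksum file" >&2
        return 2
    fi

    # First field of the first non-empty line, lowercased.
    expected=$(awk 'NF { print tolower($1); exit }' "$sumfile")

    # Accept only exactly 64 hex characters as a SHA-256 value.
    case $expected in
        *[!0-9a-f]*|"") echo "malformed checksum file" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "malformed checksum file" >&2
        return 2
    fi

    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $tarball"
        return 0
    fi
    echo "MISMATCH: $tarball" >&2
    echo "  expected $expected" >&2
    echo "  got      $actual" >&2
    return 1
}

# Stand-alone use: sh verify.sh httpd-2.4.12.tar.gz httpd-2.4.12.tar.gz.sha256
if [ "$#" -eq 2 ]; then
    verify_tarball "$1" "$2"
fi
```

A checksum only proves the file matches whatever source supplied the checksum; where the project publishes a detached PGP signature, checking it with gpg --verify against the project's signing keys is the stronger test.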