1

Our PCI scan alerted us to vulnerabilities in Apache 2.4.7. While these affect modules we aren't even using, in order to pass the scan I'd have to upgrade to 2.4.12. It seems that apt-get upgrade does not do this atm.

Consequently, I have a few questions:

Does anyone know if it is safe to do this with a PPA? I'd guess no.

Should I just wait until it is included in the existing Ubuntu repos?

Is there a way to find out if/when it will be included in the Ubuntu repos?

Kind of a novice question, because I'm a novice.

  • The latest for Trusty Tahr in its official repos is 2.4.7-1ubuntu4.4, but you can upgrade it to a newer one using commands like those suggested in A.B.'s answer. – JoKeR Jul 08 '15 at 17:41
  • Did you just use apt-cache policy to find the latest? Or is there somewhere this is listed that I should just Google for more? – deatmcdoom Jul 08 '15 at 17:51
  • Yes, simply apt-cache policy apache2. Or the Ubuntu Package Search. – A.B. Jul 08 '15 at 17:53
  • apt-cache policy gives you results for packages that you have in currently enabled repositories. You can also search with the apt search command. – JoKeR Jul 08 '15 at 17:54

1 Answer

1

TL;DR: Your questions cannot be answered definitively.

I do not think there will be any greater updates in Trusty, except security updates. To install version 2.4.10 you need at least Utopic. But even in Wily there is currently no version 2.4.12.


You can download and compile Apache HTTP Server 2.4.12 (httpd). That's more secure than adding a PPA and you do not have to wait for Ubuntu updates. A bumpy road, but passable. ;)

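# work from the home directory
cd
# fetch and unpack the 2.4.12 source tarball
wget http://apache.openmirror.de//httpd/httpd-2.4.12.tar.gz
tar xf httpd-2.4.12.tar.gz
cd httpd-2.4.12
# check for build dependencies, then compile
./configure
make
# needs root for the default prefix /usr/local/apache2
make install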

There would be a lot of missing dependencies in the configure step. These must be resolved before you can continue with make.

A.B.
  • 90,397
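
The build steps in the answer above fetch the tarball over plain HTTP from a mirror and compile it unchecked. As an added example (not part of the original answer), here is a fail-closed SHA-256 gate to run before ./configure. The function names are hypothetical, and it assumes a checksum file in sha256sum format ("<hex>  <name>" or "<hex> *<name>") obtained over a trusted channel such as the project's own HTTPS site.

```shell
#!/bin/sh
# Added example: integrity gate for a source tarball. Function names are hypothetical.

# Print the digest recorded for file name $2 in checksum file $1.
# Returns non-zero if the name is not listed or the digest is not 64 hex chars.
expected_digest() {
    ed_hex=$(awk -v n="$2" '{ f = $2; sub(/^\*/, "", f) }
                            f == n { print tolower($1); exit }' "$1") || return 2
    case $ed_hex in
        ''|*[!0-9a-f]*) return 2 ;;   # empty or contains a non-hex character
    esac
    [ "${#ed_hex}" -eq 64 ] || return 2
    printf '%s\n' "$ed_hex"
}

# Return 0 only if the SHA-256 of tarball $1 equals the digest listed in $2.
# Missing files, unlisted names and malformed digests all count as failure.
verify_tarball() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    vt_want=$(expected_digest "$2" "$(basename "$1")") || return 2
    vt_got=$(sha256sum "$1" | awk '{ print $1 }') || return 2
    [ "$vt_got" = "$vt_want" ]
}

# Unpack and compile only after verification succeeds; the subshell keeps
# the caller's working directory unchanged. "make install" is left to the reader.
build_if_verified() {
    if ! verify_tarball "$1" "$2"; then
        echo "refusing to build: $1 failed verification" >&2
        return 1
    fi
    tar xf "$1" && ( cd "$(basename "$1" .tar.gz)" && ./configure && make )
}

# Usage (file names are placeholders):
#   build_if_verified httpd-2.4.12.tar.gz httpd-2.4.12.tar.gz.sha256
```

A checksum only helps if it comes from a different, trusted channel than the tarball; a digest downloaded from the same HTTP mirror proves nothing.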