Upgrade Apache on CentOS

Hi there,

We need to update our Apache server for PCI compliance; however, I'm struggling to find out how to do it.

We are running: httpd-2.2.3-53.el5.centos.3

I have tried following http://www.thegeekstuff.com/2008/09/how-to-install-or-upgrade-lamp-apache-mysql-and-php-stack-on-linux-using-yum/
to upgrade it, but just get told there are no updates. But I am sure there are.

Any advice?
Luke_fleming Asked:
farzanj Commented:
Run this command
yum list available | grep http

Do you see any better version?

You are using CentOS5 and it is possible that there isn't a newer version available for it.  On CentOS6, I have a slightly better version.
In the worst case, you will have to download the source and either install from source or build RPM yourself.
0

Luke_fleming (Author) Commented:
It gives us:

httpd-devel.i386                             2.2.3-53.el5.centos.3        update
httpd-manual.i386                            2.2.3-53.el5.centos.3        update

Not too sure what they are exactly though.

However our PCI compliance is telling us there is a version 2.2.14:
"Based on the version information returned in the banner of the remote host, it appears that the device is running the Apache service prior to the 2.2.14 release. Multiple vulnerabilities were fixed with this release: mod_proxy_ftp allows remote attackers to bypass access restrictions (CVE-2009-3095), the ap_proxy_ftp_handler function in mod_proxy_ftp allows remote FTP servers to cause a denial of service (CVE-2009-3094), and remote attackers can cause a denial of service via unspecified HTTP requests on Solaris platforms (CVE-2009-2699)."


Any ideas?

Thanks,

0
farzanj Commented:
No, these are not.
On RHEL6, I have
httpd.x86_64                              2.2.15-9.el6.centos.3          updates

My current version is:
httpd-2.2.15-5.el6.centos.x86_64

I have also checked on rpm.pbone.net and they don't have any newer version either for Centos5.

I think you will have to get the newer version that you want and make the RPM yourself, although it would need a lot of testing. Or you can install from source.
0

xterm Commented:
httpd-devel.i386                             2.2.3-53.el5.centos.3        update
httpd-manual.i386                            2.2.3-53.el5.centos.3        update

Not too sure what they are exactly though.

Those are just the documentation and development packages, so you are already on the latest EL5 release of Apache - at any time you can do "yum update httpd" to see if there's anything newer.

CentOS 6.x provides 2.2.15-9 as of today.

Many times, RedHat/CentOS will provide security patches to older versions to where you don't need to do the full release upgrade.

I myself would not personally upgrade to a new major release (5->6, 2.2.x -> 2.2.y would be considered a minor release update) over this unless you actually see some evidence that your release is vulnerable.
0
Jan Springer Commented:
Understand that when you get releases through a distribution point like with RHEL and CentOS, they typically make updates within the main version instead of releasing a later version.

You might be better to find out if there are any vulnerabilities with the release/distribution that you have instead.  If you can document why you are compliant, that should suffice.
0
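
One way to gather the evidence described above, as an added example that is not part of the original thread: list which of the scanner's CVE IDs appear in the package changelog and in which release. The helper name `cve_backport_report` and the sample changelog are constructed for illustration; on the server the input would come from `rpm -q --changelog httpd`.

```bash
#!/bin/bash
# Added example: map CVE IDs from a scan report to the RPM changelog entries
# that mention them. On the host itself the input would come from:
#   rpm -q --changelog httpd | cve_backport_report CVE-2009-3095 CVE-2009-3094 CVE-2009-2699

# cve_backport_report (hypothetical helper name)
#   stdin: RPM changelog text, newest entry first (rpm's order)
#   args:  CVE IDs to look for
#   out:   "<CVE> <oldest release whose entry mentions it>" or "<CVE> NOT-MENTIONED"
cve_backport_report() {
    awk -v ids="$*" '
        BEGIN { n = split(ids, want, " ") }
        /^\* / { rel = $NF; next }      # entry header: last field is the release
        {
            for (i = 1; i <= n; i++)
                if (rel != "" && index($0, want[i]))
                    hit[want[i]] = rel  # later lines are older entries, so oldest wins
        }
        END {
            for (i = 1; i <= n; i++)
                print want[i], ((want[i] in hit) ? hit[want[i]] : "NOT-MENTIONED")
        }'
}

# Constructed sample changelog (not real CentOS package data).
SAMPLE_CHANGELOG='* Mon Jan 01 2001 Example Packager <pkg@example.invalid> - 9.9.9-3.example
- fix regression in CVE-2009-3094 patch

* Mon Jan 01 2001 Example Packager <pkg@example.invalid> - 9.9.9-2.example
- add security fixes for CVE-2009-3094, CVE-2009-3095

* Mon Jan 01 2001 Example Packager <pkg@example.invalid> - 9.9.9-1.example
- initial build'

# Run the report over the constructed sample.
sample_report() {
    printf '%s\n' "$SAMPLE_CHANGELOG" |
        cve_backport_report CVE-2009-3095 CVE-2009-3094 CVE-2009-2699
}

sample_report
```

A NOT-MENTIONED line means the changelog alone does not settle that CVE, so it needs its own justification; the scanner text quoted earlier ties CVE-2009-2699 to Solaris platforms.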
parparov Commented:
You may want to go to sites like rpm.pbone.net that may have a newer httpd for your release.
0
Luke_fleming (Author) Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Luke_fleming's comment http:/Q_27493618.html#37286108

for the following reason:

Perfect
0
xterm Commented:
Was there something else you wanted to know?  Seems like a handful of us gave you valuable responses that should've answered your question.
0
Luke_fleming (Author) Commented:
Yes, I pressed the request attention button to close the case as I meant to press accept multiple solutions - but it's not letting me select it with the auto close case open. Sorry, as soon as it's closed I'll be able to accept multiple solutions!
0
xterm Commented:
No worries, as long as you got the help you needed!
0
xterm Commented:
I'd recommend points be split between xterm and farzanj.
0
xterm Commented:
Sorry, these two:

37286278
37286314

By the author's comment ("Perfect") I gather those addressed the question effectively.
0