Security patches for Apache 1.3.x?
Yedidyah Bar-David
linux-il at didi.bardavid.org
Thu Jul 14 23:10:04 IDT 2011
On Thu, Jul 14, 2011 at 04:29:00PM +0300, Ira Abramov wrote:
> howdie!
>
> I have an embedded system (roughly based on CentOS 3) with a few legacy
> components, one of which is Apache 1.3.42, which has served us well this
> far, but now we bumped into these:
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1928
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0419
>
> Since the Apache 1.x line is EOL and I don't see this package has been
> maintained with sec patches by Debian or even RHEL (correct me if I
> missed anything)
>
> Before I'm forced to rock the boat with a move to Apache2, lighty or
> nginx, is there a source for patches for this that I missed?

You might consider Red Hat's Extended Lifecycle Support. I do not see
freely distributable SRPMs for it - not sure why, whether that's legal
etc.

I used to compile and use Apache 2.x on RHEL/CentOS 3 with no problem.
It will obviously require reviewing your config/modules/etc which might
be a significant task...
--
Didi