On Thu, Jul 14, 2011 at 04:29:00PM +0300, Ira Abramov wrote:
howdie!
I have an embeded system (roughly based on CentOS 3) with a few legacy
components, one of which is Apache 1.3.42, which has served us well this
far, but now we bumped into these:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1928
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0419
Since the Apache 1.x line is EOL and I don't see this package has been
maintained with sec patches by Debian or even RHEL (correct me if I
missed anything)
Before I'm forced to rock the boat with a move to Apache2, lighty or
nginx, is there a source for patches for this that I missed?
You might consider RedHat's Extended Lifecycle Support. I do not see
freely distributable SRPMs for it - not sure why, whether that's legal
etc.
I used to compile and use apache 2.x on RHEL/CentOS 3 with no problem.
It will obviously require reviewing your config/modules/etc which might
be a significant task...
--
Didi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il