Hi,
I have a SLES11 server ((x86_64) VERSION = 11 PATCHLEVEL = 1 )
running the default apache installed from
apache2-2.2.10-2.24.5.x86_64.rpm which came with the DVD. Now my project
has a requirement to upgrade it to 2.2.21 which fixes the CVE security
issues. I cannot find the .21 version of the apache rpm for SLES 11
anywhere. Can someone tell me what and when is the likelihood of the rpm
being released by SUSE?
In parallel, I am trying to build from source and then use rpmbuild to
create an rpm - but so far it is a horror show. Specifically with some
libapr util and devel dependencies. I should be able to do it somehow or
the other but I am not a pro and will never know if I miss out on some
files. For our server installations we pack the rpms and create an iso
which gets distributed at customer sites. That is why I need rpms
specifically and cannot do an upgrade.
Thanks.
Hi
I have 2.2.12-1.28.1. Any CVEs and security updates get backported; you
need to look at the changelog entries, so version numbers are somewhat
of a misnomer.
Wow! Every line you mentioned has a wealth of information.
I got this (‘Index of /repositories/Apache/SLE_11_SP1/x86_64’
(http://download.opensuse.org/repositories/Apache/SLE_11_SP1/x86_64/))
from the links you mentioned above which has apache2-2.2.21 rpms already
built from the OBS. Let me work on this and see if I can get it running.
Thanks a bunch Malcolm!
Hi
Just remember the rpms from external sources (Open Build Service)
aren’t supported as such. If you can stick to the ‘official’ ones it’s
better.
I am specifically looking at the security update CVE-2011-3348. I
found this link ‘NOVELL: Downloads - Apache2 5344’
(http://download.novell.com/Download?buildid=wANc3xGRZJY~)
which is a security update to apache 2.2.12 (patch-5344) for CVE-3192
but it also includes what I want, i.e. 3348. However the access is
restricted. So is this the ‘official’ release that you meant? And I
would need a paid account to download this patch?
This link ‘CVE-2011-3348’
(http://support.novell.com/security/cve/CVE-2011-3348.html) says any
version of apache >=2.2.12 will include the security fix I need. So I go
and download the apache2-2.2.21-54.1.x86_64.rpm from ‘Index of
/repositories/Apache/SLE_11_SP1/x86_64’
(http://download.opensuse.org/repositories/Apache/SLE_11_SP1/x86_64/)
(last updated on 12-Dec-11) and install it. When I check the changelog I
do not see the cve-3348 update. So what am I missing here? Also I
suppose this is an unofficial release as this is created out of the OBS
project.
malcolmlewis;2160120 Wrote:
On Sat, 10 Dec 2011 06:06:01 GMT
> Hi
> Just remember the rpms from external sources (Open Build Service)
> aren’t supported as such. If you can stick to the ‘official’ ones it’s
> better
> I am specifically looking at the security update CVE-2011-3348. I
> found this link ‘NOVELL: Downloads - Apache2 5344’
> (http://download.novell.com/Download?buildid=wANc3xGRZJY~)
> which is a security update to apache 2.2.12 (patch-5344) for CVE-3192
> but it also includes what I want, i.e. 3348. However the access is
> restricted. So is this the ‘official’ release that you meant? And I
> would need a paid account to download this patch?
Yes, this is correct
> This link ‘CVE-2011-3348’
> (http://support.novell.com/security/cve/CVE-2011-3348.html) says any
> version of apache >=2.2.12 will include the security fix I need. So I
> go and download the apache2-2.2.21-54.1.x86_64.rpm from ‘Index of
> /repositories/Apache/SLE_11_SP1/x86_64’
> (http://download.opensuse.org/repositories/Apache/SLE_11_SP1/x86_64/)
> (last updated on 12-Dec-11) and install it. When I check the
> changelog I do not see the cve-3348 update. So what am I missing
> here? Also I suppose this is an unofficial release as this is
> created out of the OBS project.
Two different paths, the fixes from the one above are backported to
version X.X.XX into the SP1 ‘released’ version. By virtue of the
release being >=2.2.12 it will be there, but not all are necessarily
mentioned.
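
The changelog check discussed in this thread, as an added example that is not part of any post above: a small shell helper that reads `rpm -q --changelog` output and reports, per CVE ID, which changelog entry mentions it. The function names, the sample changelog and the placeholder ID CVE-0000-0001 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of `rpm -q --changelog` output
# (not real SUSE changelog entries).
sample_changelog() {
cat <<'EOF'
* Mon Oct 10 2011 maintainer@example.com
- security fix, see CVE-2011-3348
* Fri Jul 01 2011 maintainer@example.com
- update logrotate configuration
EOF
}

# cve_entry CVE-ID: read a changelog on stdin and print the header line
# ("* date packager") of the first entry that mentions the ID.
# Matching is case-insensitive; exit status is 1 if the ID never appears.
cve_entry() {
    awk -v id="$1" '
        BEGIN { id = tolower(id) }
        /^\* / { header = $0; next }
        index(tolower($0), id) { print header; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# audit_changelog CVE-ID...: read a changelog on stdin and print one
# tab-separated line per ID: ID, status, entry header or follow-up hint.
# "not-mentioned" is not proof that the fix is absent: a backported fix
# may not be listed, so the vendor advisory still has to be checked.
audit_changelog() {
    log=$(cat)
    for id in "$@"; do
        if entry=$(printf '%s\n' "$log" | cve_entry "$id"); then
            printf '%s\tmentioned\t%s\n' "$id" "$entry"
        else
            printf '%s\tnot-mentioned\tcheck vendor advisory\n' "$id"
        fi
    done
}

# On a real host: rpm -q --changelog apache2 | audit_changelog CVE-2011-3348
sample_changelog | audit_changelog CVE-2011-3348 CVE-0000-0001
```

Run it against the installed package rather than the version string, since a backported fix does not change the upstream version number.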