Need to upgrade apache2 and php5 for security reasons

Scott Kitterman ubuntu at
Tue Jul 1 14:06:21 UTC 2008

On Monday 30 June 2008 10:52, Christian Desrochers wrote:
> Hi all,
> Our web servers have been checked recently by an external security firm. We
> have been told that our web servers need to be upgraded to the latest
> version in order to fix some security issues.
> Security updates are applied every week on our servers. If I want to
> upgrade Apache to version 2.2.9 and PHP to 5.2.6, how do I proceed if my
> servers are already up to date and if there is nothing to upgrade, even
> when I use the backports repository? I have both dapper and gutsy systems.
> I know that I can download and compile these programs myself, but for
> future updates, it becomes complicated since we have lots of servers...
> Currently, for Gutsy, the version of Apache is 2.2.4-3ubuntu0.1 and PHP is
> PHP5.2.3-1ubuntu6.3.
> Any ideas on how to softly upgrade those two packages?
> Thanks,
> Chris

Did this external security firm check to see what security fixes have been 
added to those releases or did they just look at version numbers?  Generally 
for supported packages security fixes get added to the existing packages in 
the release, so odds are these issues are fixed.  

If there are vulnerabilities that are not patched in Dapper and Gutsy for 
apache and php, then we need to know so they can be fixed.

Also, I'm sending this to ubuntu-devel-discuss as that's a more appropriate 
list for this discussion.  Follow-ups there please.

Scott K

More information about the Ubuntu-devel-discuss mailing list