Need to upgrade apache2 and php5 for security reasons

Hanno Stock hanno.stock at gmx.net
Tue Jul 1 15:08:07 BST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Christian,

> Our web servers have been checked recently by an external security firm.
> We have been told that our web servers need to be upgraded to the latest
> version in order to fix some security issues.

the security issues fixed in newer versions of apache should also be
fixed in the security updates you get via the Ubuntu update mechanism.

I'm saying "should", because I am not a part of the security team and
have not verified that all issues are fixed.

You might want to cross check the CVE database
(http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=apache) and the
Launchpad CVE tracker: https://bugs.launchpad.net/bugs/cve

Please consider that the newest upstream version might also introduce
new security issues that have not been discovered yet.

If using the security updated Ubuntu versions is definitely not an
option, you could file a backport request [1] or build the intrepid
version with Prevu [2] yourself.

I'd be interested to hear what others have to say regarding new upstream
version vs. security updates - especially on older systems (Dapper, Gutsy).

Greetings,

Hanno

[1]
https://help.ubuntu.com/community/UbuntuBackports#How%20to%20request%20new%20packages
[2] https://wiki.ubuntu.com/Prevu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIajpG3WPYSBTZvX0RAkvKAJ9V4zqCZN+G3HabzwrF/OvTR8PONACg5T+O
nCPX3AaAfqsBALX5KFsuf0A=
=ioO3
-----END PGP SIGNATURE-----




More information about the ubuntu-devel mailing list