On Thu, Jul 14, 2011 at 04:29:00PM +0300, Ira Abramov wrote:
> howdie!
>
> I have an embedded system (roughly based on CentOS 3) with a few legacy
> components, one of which is Apache 1.3.42, which has served us well this
> far, but now we bumped into these:
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1928
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0419
>
> Since the Apache 1.x line is EOL and I don't see this package has been
> maintained with sec patches by Debian or even RHEL (correct me if I
> missed anything)
>
> Before I'm forced to rock the boat with a move to Apache2, lighty or
> nginx, is there a source for patches for this that I missed?

You might consider Red Hat's Extended Lifecycle Support. I do not see
freely distributable SRPMs for it - not sure why, whether that's legal etc.

I used to compile and use Apache 2.x on RHEL/CentOS 3 with no problem.
It will obviously require reviewing your config/modules/etc which might be
a significant task...
-- 
Didi

_______________________________________________
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il