On Thu, 2005-06-09 at 14:04 -0400, Michael E. Webster wrote: > Sorry if it's been posted before. I've google'd and searched the > forum archives and didn't > find any answers. > > I'm currently running FC3 with Apache 2.0.52 on about 20 servers. > Several different security > scan programs are showing two vulnerabilities and want me to 'upgrade > apache' to the latest > and greatest version (2.0.54) Remember that version numbers can be misleading, and that Red Hat often backport security fixes to older versions for stability reasons. Check the changelog of your httpd package (rpm -q --changelog httpd) to see if any particular security issues you're concerned about have been addressed in the version of httpd you're running. > but I'm not having any luck finding it in any repositories. I can > force install the new rpm, but I don't want to break anything. When I want an update that's not available for the current version of Fedora, the first thing I usually try is to grab the SRPM from Fedora Core Development (e.g. http://download.fedora.redhat.com/pub/fedora/linux/core/development/SRPMS/httpd-2.0.54-10.src.rpm) and try building that on FC3. More often than not, it works. Building and installing your own RPMs like this doesn't usually result in dependency issues, and RPM will tell you about them if there are any. Paul. -- Paul Howarth <paul@xxxxxxxxxxxx>
