Opened 9 days ago

Closed 4 days ago

#14293 closed Question/How do I...? (fixed)

Outdated Apache Version?

Reported by: https://id.mayfirst.org/justin.morgan Owned by: https://id.mayfirst.org/jaimev
Priority: High Component: Tech
Keywords: apache2, security Cc: https://id.mayfirst.org/jamie
Sensitive: no

Description

Hello!

It has come to our attention that the Apache server (ella.mayfirst.org) our website (denverdsa.org) is hosted on is out of date. It is running Apache Apache/2.4.25, which has quite a few outstanding vulnerabilities. Is that something we have the power of kicking off an upgrade for, or is that something that you all handle? Thank you!

In Solidarity, Justin

Change History (2)

comment:1 Changed 9 days ago by https://id.mayfirst.org/jaimev

  • Cc https://id.mayfirst.org/jamie added
  • Keywords apache2 security added
  • Owner set to https://id.mayfirst.org/jaimev
  • Priority changed from Medium to High
  • Status changed from new to assigned

Hi justin, we run the version of Apache2 that is maintained in Debian stable. The Debian packagers usually do a pretty good job of incorporating any security updates into the current package. Looking at the Debian security tracker I don't see any open CVE that are fixed in a newer version of apache2.

https://security-tracker.debian.org/tracker/source-package/apache2

Can you point me to any information about the outstanding vulnerabilities you are seeing?

comment:2 Changed 4 days ago by https://id.mayfirst.org/justin.morgan

  • Resolution set to fixed
  • Status changed from assigned to closed

Jamie,

Sorry for the delayed response. I was looking at a scanner that did not take into account the individual CVEs and assumed that because it was an older version of Apache that it did not have those CVEs patched. I do not deal with Linux often so I did not realize that Debian could be incorporating fixes without increasing the version number. If you all are updating things in the background and it includes up-to-date fixes even though Apache shows an older version number, that is all we needed to know.

Thank you for the assistance and sorry for the fire-drill!

In Solidarity, Justin

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.