I got caught the same way in March (re PCI scanning). Guess my guy is more up to date than yours! There should be no reason that I found not to update to 2.4.2 BUT BE CAREFUL OF THE CONFIG FILE CHANGES! For example the "order deny allow" format directives no longer work in 2.4.*. There are a few other changes. Also, do not be tempted to update to PHP 5.4.0 as it will cause segfaults in all the child processes for reasons that escape me completely. Use a 5.3.x version. This may be my problem but someone on this list was able to confirm the issue and said that it is a PHP issue. It may be resolved by now. Hope that's useful. John ====================================== On Thursday 24 May 2012 13:05:10 Luke Lozier wrote: > One of the PCI scanning companies is demanding an upgrade to 2.4.2 due > to the issues described in this CVE: Changes with Apache 2.2.23 > > *) SECURITY: CVE-2012-0883 (cve.mitre.org) > envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead > to the current working directory to be searched for DSOs. [Stefan > Fritsch] Is there any idea when 2.2.23 will be released? I'd rather not > upgrade to 2.4.2 > > Apologies if this is the wrong list for this. > > Best, > > Luke Lozier > > --- > > Bibliopolis, LLC > Berkeley | Pittsburgh > > http://www.bibliopolis.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|