I got caught the same way in March (re PCI scanning). Guess my guy is more
up to date than yours!
There should be no reason that I found not to update to 2.4.2 BUT BE
CAREFUL OF THE CONFIG FILE CHANGES! For example the "order deny allow"
format directives no longer work in 2.4.*. There are a few other changes.
Also, do not be tempted to update to PHP 5.4.0 as it will cause segfaults
in all the child processes for reasons that escape me completely. Use a
5.3.x version. This may be my problem but someone on this list was able to
confirm the issue and said that it is a PHP issue. It may be resolved by
now.
Hope that's useful.
John
======================================
On Thursday 24 May 2012 13:05:10 Luke Lozier wrote:
One of the PCI scanning companies is demanding an upgrade to 2.4.2 due
to the issues described in this CVE:

Changes with Apache 2.2.23

*) SECURITY: CVE-2012-0883 (cve.mitre.org)
   envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead
   to the current working directory to be searched for DSOs.
   [Stefan Fritsch]

Is there any idea when 2.2.23 will be released? I'd rather not
upgrade to 2.4.2.
Apologies if this is the wrong list for this.
Best,
Luke Lozier
---
Bibliopolis, LLC
Berkeley | Pittsburgh
http://www.bibliopolis.com
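
The envvars issue named in the changelog entry quoted above, as an added shell example that is not part of this thread or of Apache's own envvars script: prepending a library directory to an unset LD_LIBRARY_PATH leaves a trailing colon, and the dynamic linker treats an empty path element as the current working directory. The directory /opt/httpd/lib and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example with constructed values; not Apache's envvars file.

# Return 0 (true) if a colon-separated search path contains an empty
# element (leading colon, trailing colon, or "::").
has_empty_element() {
    case "$1" in
        "")         return 1 ;;  # nothing to check
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Unconditional prepend: $1 = library dir, $2 = existing value.
# With an empty $2 the result ends in ":", i.e. an empty element.
prepend_unsafe() {
    printf '%s' "$1:$2"
}

# Guarded prepend: only add the separator when there is something
# to separate from.
prepend_safe() {
    if [ -n "$2" ]; then
        printf '%s' "$1:$2"
    else
        printf '%s' "$1"
    fi
}

# Demonstration over constructed inputs: an unset/empty variable and a
# variable that already holds a directory.
LIBDIR=/opt/httpd/lib   # hypothetical install path
for existing in "" "/usr/local/lib"; do
    for fn in prepend_unsafe prepend_safe; do
        result=$($fn "$LIBDIR" "$existing")
        if has_empty_element "$result"; then
            verdict="EMPTY ELEMENT (cwd would be searched)"
        else
            verdict="ok"
        fi
        printf '%-15s existing=[%s] -> [%s] %s\n' \
            "$fn" "$existing" "$result" "$verdict"
    done
done
```

The same `has_empty_element` check can be pointed at the LD_LIBRARY_PATH value an init script or wrapper exports before it starts the server.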