The most important command to run when looking at current version of apache is not actually the below:
$ apache2 -v
Server version: Apache/2.2.22 (Ubuntu)
Server built: Jul 12 2013 13:37:15
The above will tell you not much. You need to inspect further:
$ sudo apt-cache policy apache2
apache2:
Installed: 2.2.22-1ubuntu1
Candidate: 2.2.22-1ubuntu1
Version table:
*** 2.2.22-1ubuntu1 0
500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
100 /var/lib/dpkg/status
This is actually telling us that the server is
vulnerable. As a minimum we need 2.2.22-1ubuntu2. What should we do? Simple:
$ sudo apt-get update
$ sudo apt-get upgrade
Which BTW will most likely address other security issues because we will be moving from an old Ubuntu version, for example:
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"
To a patched version of it:
$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04.3 LTS"
No comments:
Post a Comment