On Tue, Jun 9, 2015 at 2:45 PM, Salami Kehinde Rasheed < kennysal...@gmail.com> wrote:
> I need step-by-step to make apache-httpd-upgrade-2_2_29, what to download > and how to apply this on production environment(Window Server 2008 and > 2012R2) > > I want to close *Apache HTTPD: mod_status buffer overflow (CVE-2014-0226)* > vulnerability, > I want to close *Apache HTTPD: insecure LD_LIBRARY_PATH handling > (CVE-2012-0883)* Vulnerability > > I got advice to upgrade to 2.2.29 of httpd and I am running on window > server machine... Kindly assist on how I can handle this without > causing disruption on this operation. > This depends greatly on where your current distribution of HTTPD is from. Did you build it yourself or did you download binaries from a website and if so, which site? How is HTTPD set up on your current system? Does it run as a service? What is the path to the executables and libraries? Are you using any non-standard modules? You should obtain the new version from the same place you obtained the old version from. I would make a backup copy of the entire HTTPD directory and then just overwrite all the files except the configuration with the new files you downloaded. That is probably as detailed as you can get without more information about your current environment. - Y
