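The Apache Software Foundation recently patched a serious vulnerability in Apache HTTP Server. Tracked as CVE-2019-0211, it is a local privilege escalation flaw that lets an attacker gain the highest privileges on the system and execute arbitrary code. More than ten releases are affected, from 2.4.17 (released October 2015) through 2.4.38 (released in February of this year), and users should upgrade as soon as possible to 2.4.39, released on April 1. The vulnerability can be triggered when Apache HTTP Server performs a graceful restart: it allows the Event, Worker and Prefork multi-processing modules (MPMs), which run in lower-privileged child processes, to execute arbitrary code with the privileges of the parent process by manipulating the scoreboard.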
————————————————
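Copyright notice: this is an original article by CSDN blogger "SBFPLAY561", licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.
Original link: https://blog.csdn.net/SBFPLAY561/article/details/89093818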
---------------------
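So we upgrade to a version above 2.4.38; let's take the latest one, 2.4.43.
Download page: http://httpd.apache.org/download.cgi#apache24
One of the mirrors is: http://us.mirrors.quenda.co/apache//httpd/httpd-2.4.43.tar.gz
To verify the downloaded file with PGP, see http://httpd.apache.org/dev/verification.html. I could not fetch the public key; the site may have been down.
Installation steps: http://httpd.apache.org/docs/2.4/install.html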
Download    Download the latest release from http://httpd.apache.org/download.cgi
Extract     $ gzip -d httpd-NN.tar.gz
            $ tar xvf httpd-NN.tar
            $ cd httpd-NN
Configure   $ ./configure --prefix=PREFIX
Compile     $ make
Install     $ make install
Customize   $ vi PREFIX/conf/httpd.conf
Test        $ PREFIX/bin/apachectl -k start
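However, this fails with an error that APR, a management tool for Apache software packages, is missing. Download and install it first: http://apr.apache.org/download.cgi
For installing APR, see the README in the extracted directory:
Remember to use sudo for best results; --prefix can be left out.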
./configure --prefix=/desired/path/of/apr
make
make test
make install
apr-util also has to be installed, again by downloading and building it:
./configure --with-apr=/usr/local/apr && make && sudo make install
Output after installation:
Libraries have been installed in:
   /usr/local/apr/lib

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the 'LD_RUN_PATH' environment variable
     during linking
   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to '/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
/usr/bin/install -c -m 644 aprutil.exp /usr/local/apr/lib
/usr/bin/install -c -m 755 apu-config.out /usr/local/apr/bin/apu-1-config
PCRE is installed in a similar way:
midc@phab:~/safe/apache/pcre-8.44$ ./configure && make && make check && sudo make install
Finally we can continue with the httpd installation:
midc@phab:~/safe/apache/httpd-2.4.43$ ./configure --with-apr=/usr/local/apr
make
make install
If this error appears: error while loading shared libraries: libpcre.so.1 ld
then run: sudo ln -s /usr/local/lib/libpcre.so.1 /lib/
Now the apache2 service can be restarted:
midc@phab:~/safe/apache/httpd-2.4.43$ /usr/local/apache2/bin/apachectl -v
Server version: Apache/2.4.43 (Unix)
Server built:   Jul  3 2020 17:44:06
midc@phab:~/safe/apache/httpd-2.4.43$ sudo systemctl start apache2
midc@phab:~/safe/apache/httpd-2.4.43$ sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; disabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Fri 2020-07-03 19:02:03 CST; 8s ago
……
midc@phab:~/safe/apache/httpd-2.4.43$ /usr/local/apache2/bin/apachectl -v
Server version: Apache/2.4.43 (Unix)
Server built:   Jul  3 2020 17:44:06
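
The banner checked above comes from the binary under /usr/local/apache2, while the systemd unit is loaded from /lib/systemd/system and may start a different httpd binary. The script below is an added example, not part of the original post: it classifies the `-v` banner of each binary it is given against the affected range quoted at the top of this page. The function names, the script name check.sh and the second path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: classify httpd version banners against the affected range
# quoted on this page for CVE-2019-0211 (2.4.17 through 2.4.38).

# cve_2019_0211_status BANNER
# BANNER: text such as the output of `apachectl -v`.
# Prints one of: affected | fixed | outside-range | unknown
cve_2019_0211_status() {
    # Extract "2.4.43" from "Server version: Apache/2.4.43 (Unix)".
    ver=$(printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1)
    if [ -z "$ver" ]; then
        echo unknown            # no Apache/x.y.z token in the banner
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major" -ne 2 ] || [ "$minor" -ne 4 ]; then
        echo outside-range      # the page lists only 2.4.x releases
    elif [ "$patch" -ge 17 ] && [ "$patch" -le 38 ]; then
        echo affected
    elif [ "$patch" -ge 39 ]; then
        echo fixed              # 2.4.39 or later
    else
        echo outside-range      # 2.4.x older than 2.4.17
    fi
}

# report_httpd_binaries PATH...
# Runs "PATH -v" for each path and prints "PATH: status".
report_httpd_binaries() {
    for bin in "$@"; do
        [ -x "$bin" ] || { echo "$bin: not found"; continue; }
        banner=$("$bin" -v 2>/dev/null | head -n 1) || banner=""
        echo "$bin: $(cve_2019_0211_status "$banner")"
    done
}

# Example call (check.sh is a hypothetical file name; the second path is an
# assumption about a packaged install):
#   sh check.sh /usr/local/apache2/bin/apachectl /usr/sbin/apache2ctl
if [ "$#" -gt 0 ]; then
    report_httpd_binaries "$@"
fi
```

A distribution package can carry a backported fix under an unchanged upstream version number, so an "affected" result for a packaged binary means the vendor's advisory still has to be checked.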
[System Operations | Apache HTTP Server Security Vulnerability (CVE-2019-0211)]