本文共 3067 字，大约阅读时间需要 10 分钟。

Apache软件基金会（Apache Software Foundation）近日修补了Apache HTTP Server上的一个严重漏洞，此一编号为CVE-2019-0211的安全漏洞属于本地端权限扩张漏洞，将允许黑客取得系统的最高权限以执行任意程序，从2015年10月发表的2.4.17到今年2月发表的2.4.38的十多个版本都遭殃，用户应尽快升级到4月1日释出的2.4.39。此一漏洞可在Apache HTTP Server执行Gracefully Restart时被触发，允许在较低权限的子程序中运作的Event、Worker及Prefork等多任务处理模块（MPM），藉由摆布Scoreboard而能以父程序的权限执行任意程序。

———————————————— 版权声明：本文为CSDN博主「SBFPLAY561」的原创文章，遵循CC 4.0 BY-SA版权协议，转载请附上原文出处链接及本声明。 原文链接：https://blog.csdn.net/SBFPLAY561/article/details/89093818

---------------------

那我们就升级到2.4.38以上，那就最新版2.4.43。

下载地址：

其中一个镜像是：

如果要pgp验证下载文件：参考。publickey我取不到，可能网站down了。

安装步骤：

Download	Download the latest release from http://httpd.apache.org/download.cgiExtract	$ gzip -d httpd-NN.tar.gz$ tar xvf httpd-NN.tar$ cd httpd-NNConfigure	$ ./configure --prefix=PREFIXCompile	$ makeInstall	$ make installCustomize	$ vi PREFIX/conf/httpd.confTest	$ PREFIX/bin/apachectl -k start

然而报错没有APR,一个apache的软件包的管理工具。先下载安装：

apr的安装见解压目录的README:

记得用sudo效果更佳，--prefix可以不用

./configure --prefix=/desired/path/of/apr   make   make test   make install

还有apr-util的安装，也是下载安装：

 

./configure --with-apr=/usr/local/apr && make && sudo make install

装完输出：

Libraries have been installed in:   /usr/local/apr/libIf you ever happen to want to link against installed librariesin a given directory, LIBDIR, you must either use libtool, andspecify the full pathname of the library, or use the '-LLIBDIR'flag during linking and do at least one of the following:   - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable     during execution   - add LIBDIR to the 'LD_RUN_PATH' environment variable     during linking   - use the '-Wl,-rpath -Wl,LIBDIR' linker flag   - have your system administrator add LIBDIR to '/etc/ld.so.conf'See any operating system documentation about shared libraries formore information, such as the ld(1) and ld.so(8) manual pages.----------------------------------------------------------------------/usr/bin/install -c -m 644 aprutil.exp /usr/local/apr/lib/usr/bin/install -c -m 755 apu-config.out /usr/local/apr/bin/apu-1-config

还有PCRE也是类似的:

midc@phab:~/safe/apache/pcre-8.44$ ./configure && make && make check && sudo make install

终于可以继续httpd的安装了：

 

midc@phab:~/safe/apache/httpd-2.4.43$ ./configure --with-apr=/usr/local/aprmakemake install

如果报错：error while loading shared libraries: libpcre.so.1 ld

那么：sudo ln -s /usr/local/lib/libpcre.so.1 /lib/

可以重启apache2服务了

midc@phab:~/safe/apache/httpd-2.4.43$ /usr/local/apache2/bin/apachectl -vServer version: Apache/2.4.43 (Unix)Server built:   Jul  3 2020 17:44:06midc@phab:~/safe/apache/httpd-2.4.43$ sudo systemctl start apache2midc@phab:~/safe/apache/httpd-2.4.43$ sudo systemctl status apache2● apache2.service - The Apache HTTP Server   Loaded: loaded (/lib/systemd/system/apache2.service; disabled; vendor preset: enabled)  Drop-In: /lib/systemd/system/apache2.service.d           └─apache2-systemd.conf   Active: active (running) since Fri 2020-07-03 19:02:03 CST; 8s ago……midc@phab:~/safe/apache/httpd-2.4.43$ /usr/local/apache2/bin/apachectl -vServer version: Apache/2.4.43 (Unix)Server built:   Jul  3 2020 17:44:06