本文共 3067 字,大约阅读时间需要 10 分钟。
Apache软件基金会(Apache Software Foundation)近日修补了Apache HTTP Server上的一个严重漏洞,此一编号为CVE-2019-0211的安全漏洞属于本地端权限扩张漏洞,将允许黑客取得系统的最高权限以执行任意程序,从2015年10月发表的2.4.17到今年2月发表的2.4.38的十多个版本都遭殃,用户应尽快升级到4月1日释出的2.4.39。此一漏洞可在Apache HTTP Server执行Gracefully Restart时被触发,允许在较低权限的子程序中运作的Event、Worker及Prefork等多任务处理模块(MPM),藉由摆布Scoreboard而能以父程序的权限执行任意程序。
———————————————— 版权声明:本文为CSDN博主「SBFPLAY561」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。 原文链接:https://blog.csdn.net/SBFPLAY561/article/details/89093818---------------------
那我们就升级到2.4.38以上,那就最新版2.4.43。
下载地址:
其中一个镜像是:
如果要pgp验证下载文件:参考。publickey我取不到,可能网站down了。
安装步骤:
Download Download the latest release from http://httpd.apache.org/download.cgiExtract $ gzip -d httpd-NN.tar.gz$ tar xvf httpd-NN.tar$ cd httpd-NNConfigure $ ./configure --prefix=PREFIXCompile $ makeInstall $ make installCustomize $ vi PREFIX/conf/httpd.confTest $ PREFIX/bin/apachectl -k start
然而报错没有APR,一个apache的软件包的管理工具。先下载安装:
apr的安装见解压目录的README:
记得用sudo效果更佳,--prefix可以不用./configure --prefix=/desired/path/of/apr make make test make install
还有apr-util的安装,也是下载安装:
./configure --with-apr=/usr/local/apr && make && sudo make install
装完输出:
Libraries have been installed in: /usr/local/apr/libIf you ever happen to want to link against installed librariesin a given directory, LIBDIR, you must either use libtool, andspecify the full pathname of the library, or use the '-LLIBDIR'flag during linking and do at least one of the following: - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable during execution - add LIBDIR to the 'LD_RUN_PATH' environment variable during linking - use the '-Wl,-rpath -Wl,LIBDIR' linker flag - have your system administrator add LIBDIR to '/etc/ld.so.conf'See any operating system documentation about shared libraries formore information, such as the ld(1) and ld.so(8) manual pages.----------------------------------------------------------------------/usr/bin/install -c -m 644 aprutil.exp /usr/local/apr/lib/usr/bin/install -c -m 755 apu-config.out /usr/local/apr/bin/apu-1-config
还有PCRE也是类似的:
midc@phab:~/safe/apache/pcre-8.44$ ./configure && make && make check && sudo make install
终于可以继续httpd的安装了:
midc@phab:~/safe/apache/httpd-2.4.43$ ./configure --with-apr=/usr/local/aprmakemake install
如果报错:error while loading shared libraries: libpcre.so.1 ld
那么:sudo ln -s /usr/local/lib/libpcre.so.1 /lib/
可以重启apache2服务了
midc@phab:~/safe/apache/httpd-2.4.43$ /usr/local/apache2/bin/apachectl -vServer version: Apache/2.4.43 (Unix)Server built: Jul 3 2020 17:44:06midc@phab:~/safe/apache/httpd-2.4.43$ sudo systemctl start apache2midc@phab:~/safe/apache/httpd-2.4.43$ sudo systemctl status apache2● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; disabled; vendor preset: enabled) Drop-In: /lib/systemd/system/apache2.service.d └─apache2-systemd.conf Active: active (running) since Fri 2020-07-03 19:02:03 CST; 8s ago……midc@phab:~/safe/apache/httpd-2.4.43$ /usr/local/apache2/bin/apachectl -vServer version: Apache/2.4.43 (Unix)Server built: Jul 3 2020 17:44:06