el7升级Apache修复漏洞

1、Apache安全漏洞

 Apache HTTP Server拒绝服务漏洞（CVE-2018-1303）Apache HTTP Server 安全漏洞（CVE-2018-17199）Apache HTTP Server 内存破坏漏洞（CVE-2017-9788）Apache httpd 信息泄露漏洞（CVE-2017-9798）Apache HTTP Server mod_ssl空指针间接引用漏洞(CVE-2017-3169)Apache HTTP Server ap_get_basic_auth_pw身份验证绕过漏洞(CVE-2017-3167)Apache HTTP Server mod_mime缓冲区溢出漏洞(CVE-2017-7679)Apache HTTP Server远程安全限制绕过漏洞（CVE-2018-1312）OpenSSL 安全漏洞(CVE-2018-0732)Apache httpd 安全漏洞(CVE-2017-15715)Apache HTTP Server mod_authnz_ldap拒绝服务漏洞（CVE-2017-15710）Apache HTTP Server远程拒绝服务漏洞(CVE-2014-0231)Apache HTTP Server远程拒绝服务漏洞(CVE-2014-0118)Apache HTTP Server远程拒绝服务漏洞(CVE-2014-3523)Apache HTTP Server 'mod_status'远程代码执行漏洞(CVE-2014-0226)OpenSSL 信息泄露漏洞（CVE-2017-3736）OpenSSL 安全限制绕过漏洞（CVE-2017-3737）OpenSSL 旁道攻击信息泄露漏洞（CVE-2018-0734）Apache HTTP Server mod_headers模块权限许可和访问控制漏洞(CVE-2013-5704)Apache HTTP Server mod_cache拒绝服务漏洞(CVE-2014-3581)Apache HTTP Server HTTP请求走私漏洞(CVE-2015-3183)Apache HTTP Server 安全漏洞（CVE-2019-0220）Apache HTTP Server ap_some_auth_required函数访问限制绕过漏洞(CVE-2015-3185)Apache HTTP Server mod_lua模块权限许可和访问控制漏洞(CVE-2014-8109)Apache httpd 跨站脚本漏洞(CVE-2019-10092)Apache httpd 输入验证错误漏洞(CVE-2019-10098)Apache HTTP Server HTTP_PROXY环境变量安全漏洞(CVE-2016-5387)OpenSSL 安全漏洞(CVE-2019-1547)OpenSSL 缓冲区错误漏洞(CVE-2019-1551)OpenSSL旁道攻击信息泄露漏洞（CVE-2018-0737）OpenSSL 信息泄露漏洞(CVE-2018-5407)OpenSSL rsaz_1024_mul_avx2溢出信息泄露漏洞(CVE-2017-3738)OpenSSL 安全漏洞(CVE-2017-3735)Apache httpd 安全漏洞 (CVE-2016-8743)Apache httpd 安全漏洞 (CVE-2016-2161)Apache httpd 安全漏洞 (CVE-2016-0736)Apache HTTP Server 'mod_cache'模块远程拒绝服务漏洞（CVE-2013-4352）Apache HTTP Server多个拒绝服务漏洞(CVE-2013-6438)Apache HTTP Server多个拒绝服务漏洞(CVE-2014-0098)Apache HTTP Server HTTP响应分离漏洞（CVE-2016-4975）Apache HTTP Server拒绝服务漏洞（CVE-2018-1301）Apache HTTP Server远程拒绝服务漏洞(CVE-2014-0117)Apache HTTP Server 输入验证错误漏洞(CVE-2020-1927)Apache HTTP Server 安全漏洞(CVE-2020-1934)OpenSSL 信任管理问题漏洞 (CVE-2019-15526)OpenSSL 安全漏洞(CVE-2019-1563)

2、升级Apache

2.1、升级原因

el7社区、官方等均不维护
el7 apache 官方版本为2.4.6，过时了
第三方平台也缺乏支持

2.2、升级apr

2.2.1 下载

下载网址如下

https://apr.apache.org/download.cgi

下载目前的最新版

wget https://dlcdn.apache.org//apr/apr-1.7.4.tar.bz2

2.2.2 安装rpmbuild等依赖包

yum install autoconf doxygen libtool libuuid-devel openldap-devel lua-devel libxml2-devel expat-devel db4-devel postgresql-devel sqlite-devel unixODBC-devel nss-devel apr-util-devel gcc make rpm-build

2.2.3 准备rpmbuild构建目录

mkdir -p ~/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}

2.2.4 编译apr rpm包

cp apr-1.7.4.tar.bz2 ~/rpmbuild/SOURCES
tar -xvf apr-1.7.4.tar.bz2
cp apr-1.7.4/apr.spec ~/rpmbuild/SPECS/
cd ~/rpmbuild/SPECS/
rpmbuild -ba apr.spec

编译完成后查看rpm包：

ls -hl ../RPMS/aarch64/apr-*
-rw-r--r-- 1 root root 103K Jul 19 15:15 ../RPMS/aarch64/apr-1.7.4-1.aarch64.rpm
-rw-r--r-- 1 root root 467K Jul 19 15:15 ../RPMS/aarch64/apr-debuginfo-1.7.4-1.aarch64.rpm
-rw-r--r-- 1 root root 860K Jul 19 15:15 ../RPMS/aarch64/apr-devel-1.7.4-1.aarch64.rpm

2.2.5 安装arp rpm

cd ../RPMS/aarch64yum localinstall apr-1.7.4-1.aarch64.rpm apr-devel-1.7.4-1.aarch64.rpm

2.3、httpd

2.3.1 下载

下载网址如下

https://httpd.apache.org/download.cgi

下载目前的最新版

wget https://dlcdn.apache.org/httpd/httpd-2.4.62.tar.bz2

2.3.2 编译http rpm包

cp httpd-2.4.62.tar.bz2 ~/rpmbuild/SOURCES
tar -xvf httpd-2.4.62.tar.bz2
cp httpd-2.4.62/httpd.spec ~/rpmbuild/SPECS/
cd ~/rpmbuild/SPECS/
rpmbuild -ba httpd.spec

编译完成后查看rpm包：

ls -hl ../RPMS/aarch64/{httpd-*,mod_*}
-rw-r--r-- 1 root root 1.4M Jul 19 15:38 ../RPMS/aarch64/httpd-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root 3.8M Jul 19 15:38 ../RPMS/aarch64/httpd-debuginfo-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root 209K Jul 19 15:38 ../RPMS/aarch64/httpd-devel-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root 4.3M Jul 19 15:38 ../RPMS/aarch64/httpd-manual-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root  79K Jul 19 15:38 ../RPMS/aarch64/httpd-tools-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root  44K Jul 19 15:38 ../RPMS/aarch64/mod_authnz_ldap-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root  45K Jul 19 15:38 ../RPMS/aarch64/mod_lua-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root  24K Jul 19 15:38 ../RPMS/aarch64/mod_proxy_html-2.4.62-1.aarch64.rpm
-rw-r--r-- 1 root root  91K Jul 19 15:38 ../RPMS/aarch64/mod_ssl-2.4.62-1.aarch64.rpm

2.3.3 安装http rpm

安装http需要先卸载

yum remove httpd-mmn httpd-tools

安装

cd ../RPMS/aarch64
yum localinstall httpd-2.4.62-1.aarch64.rpm httpd-tools-2.4.62-1.aarch64.rpm httpd-manual-2.4.62-1.aarch64.rpm  mod_lua-2.4.62-1.aarch64.rpm mod_proxy_html-2.4.62-1.aarch64.rpm mod_ssl-2.4.62-1.aarch64.rpm

2.3.4 、其他

cd /etc/httpd/conf.modules.d
rm -rf 00-systemd.conf 01-cgi.conf 10-wsgi.conf

2.3.5、启动服务

systemctl start httpd

3、参考文献

https://blog.csdn.net/yuelai_217/article/details/130741234
https://blog.csdn.net/fredricen/article/details/140129540
https://blog.csdn.net/rznice/article/details/121693102
https://blog.csdn.net/weixin_41522108/article/details/134658656

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.mzph.cn/diannao/50114.shtml

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈email:809451989@qq.com，一经查实，立即删除！