centos 7获取最新的Apache软件包 [英] centos 7 get latest apache package
问题描述
这个问题来自我对软件包管理器的缺乏理解,
我运行 yum list 并获得 httpd-2.4.6- 40.el7.centos.4.x86_64
建立日期:2016年7月18日星期一17:32:11
我做到了 yum更新&& yum install httpd ,这会为我获取最新版本的httpd吗?
在哪里可以在线检查以确认我的软件包/内部版本是最新的?
如何定期安装我的httpd版本的安全补丁?
更新
[centos〜] $ httpd -v
服务器版本:Apache / 2.4.6(CentOS)
服务器内置:2016年7月18日15:30:14
[centos〜] $ rpm -q --changelog httpd |更多
* 2016年7月18日星期一CentOS来源< bugs@centos.org> -2.4.6-40.el7.centos.4
-删除index.html,添加centos-noindex.tar.gz
-更改vstring
-更改powerbyby.png $ b的符号链接$ b-使用适当的别名更新welcome.conf
As Aaron提到,像yum这样的软件包管理器将只应用安全补丁,因为它们优先考虑稳定性(具有安全性)而不是新功能。
因此,在执行 yum更新后,您将处于httpd 2.4.6的修补版本上,该版本应具有直到最新的httpd版本(在撰写本文时为2.4.23)之前所有必需的安全补丁,但没有其他非安全更改(例如,http / 2支持或
因此,尽管有名称,它实际上已经不是2.4.6了,但绝对不是2.4。也可以是23。
您可以通过运行以下命令来确认已应用补丁(详细信息):
rpm- q --changelog httpd |更多
或者也许要检查特定的CVE:
rpm -q --changelog httpd | grep CVE-Number
以及每个版本的Apache httpd中修复的漏洞(应在内部反向移植)由Red Hat / Centos安排的很短的时间)在这里:
https:// httpd .apache.org / security / vulnerabilities_24.html 或此处: https://www.cvedetails.com/version-list/45/66/1/Apache-Http-Server.html
<定期安装安全更新的最佳方法是定期执行 sudo yum更新,或考虑安装yum-cron来为您执行此操作。关于是否应在产品中将其完全自动化,仍存在一些争论。
This question comes from my lack of understanding of package managers,
I run yum list and get httpd-2.4.6-40.el7.centos.4.x86_64
Build date: Mon Jul 18 17:32:11 2016
I did yum update && yum install httpd, will this get me the latest version of httpd?
where can I check online to confirm my package/build is the latest?
how can I periodically install security patches for my version of httpd?
update
[centos ~]$ httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Jul 18 2016 15:30:14
[centos ~]$ rpm -q --changelog httpd | more
* Mon Jul 18 2016 CentOS Sources <bugs@centos.org> - 2.4.6-40.el7.centos.4
- Remove index.html, add centos-noindex.tar.gz
- change vstring
- change symlink for poweredby.png
- update welcome.conf with proper aliases
As Aaron mentioned, package managers like yum will only apply security patches as they prioritise stability (with security) over new features.
So after you do a "yum update" you will be on a patched version of httpd 2.4.6 which should have all the required security patches right up to the latest httpd release (2.4.23 at time of writing) but none of the other non-security changes (e.g. http/2 support or any of the other features and bug fixes unless security related).
So it's not really 2.4.6 anymore, despite the name, but at same time it's definitely not 2.4.23 either.
You can confirm the patches have been applied by running this command (as detailed here):
rpm -q --changelog httpd | more
Or perhaps, to check for a specific CVE:
rpm -q --changelog httpd | grep CVE-Number
And the vulnerabilities fixed in each version of Apache httpd (which should be back ported within a short space of time by Red Hat/Centos) are here: https://httpd.apache.org/security/vulnerabilities_24.html or here: https://www.cvedetails.com/version-list/45/66/1/Apache-Http-Server.html
The best way to periodically install security updates is to do a "sudo yum update" regularly or consider installing yum-cron to do this for you. There is still some debate as to whether this should be fully automated in prod.
这篇关于centos 7获取最新的Apache软件包的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
