Closed userStarlight closed 2 months ago
Each of the CVE describes which version of Apache provides a patch. You can upgrade your Apache software inside the docker container, or try installing the latest image (4.4) and rerun your report.
每个 CVE 都描述了哪个版本的 Apache 提供了补丁。您可以在 docker 容器中升级 Apache 软件,或尝试安装最新映像 (4.4) 并重新运行报表。
是在docker中运行的mediagis/nominatim容器内部升级Apache软件吗?
For benefit of other readers let's use english language in this issue tracker.
为了其他读者的利益,让我们在本期跟踪器中使用英语。
Okay, sorry, my question is: Is it upgrading Apache software inside the media/nominatim container running in Docker?
为了其他读者的利益,让我们在本期跟踪器中使用英语。
Or if I use Dockerfile to build an image, how can I modify the version of Apache 2?
It's an Ubuntu operating system, so usually
docker exec -it $name-of-your-container /bin/bash
then inside the VM
apache2 -v
Server version: Apache/2.4.52 (Ubuntu)
Server built: 2023-03-08T17:32:01
apt-get update
apt-get install --only-upgrade apache2
apache2 -v
Server version: Apache/2.4.52 (Ubuntu)
Server built: 2024-01-17T03:00:18
On https://httpd.apache.org/download.cgi I see the current latest release is 2.4.58 so it's a bit more work. Following the steps on https://www.linuxcapable.com/upgrade-apache-on-ubuntu-linux/ worked:
apache2 -v
Server version: Apache/2.4.58 (Ubuntu)
Server built: 2023-10-25T05:39:09
它是一个 Ubuntu 操作系统,所以通常
docker exec -it $name-of-your-container /bin/bash
然后在 VM 中
apache2 -v Server version: Apache/2.4.52 (Ubuntu) Server built: 2023-03-08T17:32:01 apt-get update apt-get install --only-upgrade apache2 apache2 -v Server version: Apache/2.4.52 (Ubuntu) Server built: 2024-01-17T03:00:18
在 https://httpd.apache.org/download.cgi 上,我看到当前的最新版本是 2.4.58,所以它需要更多的工作。按照 https://www.linuxcapable.com/upgrade-apache-on-ubuntu-linux/ 的步骤工作:
apache2 -v Server version: Apache/2.4.58 (Ubuntu) Server built: 2023-10-25T05:39:09
非常感谢您的回复,但是我这边的环境有点不太乐观。可以不可以在构建镜像的时候就升级apacle2的版本为2.4.58
它是一个 Ubuntu 操作系统,所以通常
docker exec -it $name-of-your-container /bin/bash
然后在 VM 中
apache2 -v Server version: Apache/2.4.52 (Ubuntu) Server built: 2023-03-08T17:32:01 apt-get update apt-get install --only-upgrade apache2 apache2 -v Server version: Apache/2.4.52 (Ubuntu) Server built: 2024-01-17T03:00:18
在 https://httpd.apache.org/download.cgi 上,我看到当前的最新版本是 2.4.58,所以它需要更多的工作。按照 https://www.linuxcapable.com/upgrade-apache-on-ubuntu-linux/ 的步骤工作:
apache2 -v Server version: Apache/2.4.58 (Ubuntu) Server built: 2023-10-25T05:39:09
Thank you very much for your reply, but the environment here is not very optimistic. Can we upgrade the version of Apacle2 to 2.4.58 when building the image
You appear to be using version 4.1. The latest versions of the image have newer versions of apache.
您似乎使用的是版本 4.1。最新版本的映像具有较新版本的 apache。
I tried 4.4 and entered apache2- v into the container after running it Still prompt: Server version: Apache/2.4.52 (Ubuntu) Server build: 2023-03-08T17:32:01 Apt-get update
AFAIK the Ubuntu security team also backports those into the 22.04 release (see https://answers.launchpad.net/ubuntu/+source/apache2/+question/809178 as an example) and we run an update & upgrade command for every release.
描述错误 在docker的mediagis/nominatim:4.1镜像
漏洞 Apache HTTP Server : CVE-2023-25690,CVE-2023-27522,CVE-2023-31122,CVE-2022-23943,CVE-2022-22721,CVE-2022-26377,CVE-2022-22720,CVE-2022-28615,CVE-2022-29404,CVE-2022-30556,CVE-2022-31813,CVE-2006-20001,CVE-2022-22719,CVE-2022-36760
Expected behavior 请问目前有版本,解决的这些漏洞吗?