Mark Walker asked:
I have a server running Ubuntu 8.04 which is currently PCI-DSS compliant.
The latest security scan has brought up issue CVE-2009-0796
This requires installing a version of libapache2-mod-perl2 (2.0.4-6ubuntu1) that is not available in the ubuntu hardy repositories.
What is the best solution for this without updating the base server version?
If you aren’t running perl CGI scripts (most people don’t) then disable mod_perl entirely.
If you must have mod_perl installed, disable perl-status if you had it enabled.
If you weren’t using perl-status, this issue does not apply to your system.
Oh, and file a security bug in launchpad and ask why in the world they haven’t pushed a security update for hardy.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.