Mark Walker asked:
I have a server running Ubuntu 8.04 which is currently PCI-DSS compliant.
The latest security scan has brought up issue CVE-2009-0796.
This requires installing a version of libapache2-mod-perl2 (2.0.4-6ubuntu1) that is not available in the Ubuntu Hardy repositories.
What is the best solution for this without updating the base server version?
My answer:
If you aren’t running Perl CGI scripts (most people don’t), then disable mod_perl entirely.
If you must have mod_perl installed, disable perl-status if you had it enabled.
If you weren’t using perl-status, this issue does not apply to your system.
Oh, and file a security bug in Launchpad and ask why in the world they haven’t pushed a security update for Hardy.
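The three cases in the answer can be checked from the Apache configuration itself. The script below is an added example, not part of the original answer; it assumes the Debian/Ubuntu layout under /etc/apache2 and that perl-status is wired up with `PerlResponseHandler Apache2::Status` (or `PerlHandler Apache::Status` on mod_perl 1). The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes the Debian/Ubuntu
# Apache layout (mods-enabled/, sites-enabled/, conf.d/).

# Print which branch of the answer applies to the config tree rooted at $1.
check_perl_status() {
    root=$1
    # a2enmod creates mods-enabled/perl.load; without it mod_perl is not loaded.
    if [ ! -e "$root/mods-enabled/perl.load" ]; then
        echo "mod_perl disabled"
        return 0
    fi
    # /perl-status is served by Apache2::Status (Apache::Status on mod_perl 1).
    # Anchoring on the directive name skips commented-out lines; -R follows
    # the symlinks that sites-enabled/ normally contains.
    if grep -RiEqs \
        '^[[:space:]]*Perl(Response)?Handler[[:space:]]+Apache2?::Status' \
        "$root/apache2.conf" "$root/httpd.conf" "$root/conf.d" \
        "$root/mods-enabled" "$root/sites-enabled"; then
        echo "perl-status enabled"
    else
        echo "perl-status not configured"
    fi
}

# Build a constructed config tree: $1 = directory, $2 = handler line.
make_sample_tree() {
    mkdir -p "$1/mods-enabled" "$1/sites-enabled"
    : > "$1/mods-enabled/perl.load"
    printf '<Location /perl-status>\n  SetHandler perl-script\n  %s\n</Location>\n' \
        "$2" > "$1/sites-enabled/000-default"
}

# Demo on constructed input; on a real host run: check_perl_status /etc/apache2
demo=$(mktemp -d)
make_sample_tree "$demo" 'PerlResponseHandler Apache2::Status'
check_perl_status "$demo"    # perl-status enabled
rm -rf "$demo"
```

A result of "perl-status not configured" is the case the answer says does not apply; "mod_perl disabled" is the state reached by `a2dismod perl` followed by an Apache restart.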
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.