httpd2.2.8-1 unable to install on centos 5.4

Installing, Configuring, Troubleshooting server daemons such as Web and Mail
Post Reply
sriram
Posts: 5
Joined: 2013/09/15 12:01:43
Location: Chennai India

httpd2.2.8-1 unable to install on centos 5.4

Post by sriram » 2013/09/15 12:11:24

Hi all,


I am trying to install httpd version httpd-2.2.8-1.el5s2.centos.src.rpm on centos 5.4 x86_64 distribution but i am unable to install using the downloaded RPM httpd-2.2.8-1.el5s2.src.rpm it gives below error.

However i am not sure if i had downloaded the correct RPM I have also tried installing the same via the yum repo but it gives me only httpd 2.2.23 with webstatic or 2.2.3 with Centos updates repo.

Please let me know a way that I could install the httpd-2.2.8-1.el5s2.

Perhaps I only need the correct arch rpm file I am not able to download the same.

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: ftp.iitm.ac.in
* base: ftp.iitm.ac.in
* epel: mirrors.ispros.com.bd
* extras: ftp.iitm.ac.in
* ius: mirror.rackspace.hk
* rpmforge: mirror-fpt-telecom.fpt.net
* updates: ftp.iitm.ac.in
* webtatic: uk.repo.webtatic.com
Reducing CentOS-5 Testing to included packages only
Finished
Setting up Install Process
Examining /home/sriram/httpd-2.2.8-1.el5s2.src.rpm: httpd-2.2.8-1.el5s2.src
Cannot add package /home/sriram/httpd-2.2.8-1.el5s2.src.rpm to transaction. Not a compatible architecture: src
Nothing to do


Regards
Sriram Nandakumar

User avatar
TrevorH
Forum Moderator
Posts: 29120
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

httpd2.2.8-1 unable to install on centos 5.4

Post by TrevorH » 2013/09/15 13:14:33

Do not use 2.2.8 as it has unfixed security vulnerabilities in it. Use either the very latest or far far better, stick with the version 2.2.3 that CentOS supply as that is fully patched and up to date as long as you regularly run `yum update`.

Webtatic is not recommended.

sriram
Posts: 5
Joined: 2013/09/15 12:01:43
Location: Chennai India

Re: httpd2.2.8-1 unable to install on centos 5.4

Post by sriram » 2013/09/17 11:03:48

Hi,

May I know where I could see the security vulnerabilities listed online for httpd 2.2.8 because i am concerned that my prod servers are on httpd 2.2.8 version.

pls let me know

My other question is that when I could install httpd 2.2.23 from yum repo why yum repo is not providing me the httpd 2.2.8 version which is lower than 2.2.23 is there any specific repo on yum that I could use for 5.3 centos to get the httpd 2.2.8 version ?

Thanks
Sriram Nandakumar

User avatar
TrevorH
Forum Moderator
Posts: 29120
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: httpd2.2.8-1 unable to install on centos 5.4

Post by TrevorH » 2013/09/17 12:19:22

You'd have to read the changelogs on apache.net to find out what was fixed in which release. If your production servers are also supplied by a distro then perhaps that distro also operates a similar backporting policy.

I'm not sure I understand your other question: 2.2.23 is higher than 2.2.8 (23 > 8) but CentOS 5 uses neither of those, it ONLY supplies 2.2.3 with all security vulnerabilities fixed.

Please do not use CentOS 5.3. It has numerous security vulnerabilities. You should run `yum update` ASAP to upgrade to 5.9.

sriram
Posts: 5
Joined: 2013/09/15 12:01:43
Location: Chennai India

Re: httpd2.2.8-1 unable to install on centos 5.4

Post by sriram » 2013/09/26 14:58:06

Hi,

Thanks for the response and the time I appreciate it.

Rephrasing the other question.

As per my reference here https://www.apachehaus.com/index.php?option=com_content&view=article&id=119&Itemid=104 for apache release history I am understanding that 2.2.23 is a higher version than the 2.2.8 so How come centos 5 allows me to install the higher version and not a lower version.

We are not using centos 5.3 we are using only centos 5.4 and above

Thanks
Sriram

User avatar
TrevorH
Forum Moderator
Posts: 29120
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: httpd2.2.8-1 unable to install on centos 5.4

Post by TrevorH » 2013/09/26 16:17:38

You should not run anything except CentOS 5.$latest - currently this is 5.9. If you run older releases then you have unfixed security vulnerabilities and should `yum update` ASAP to get to the latest release.

CentOS 5 doesn't supply ANY version of httpd except 2.2.3. We do not ship or support 2.2.8 or 2.2.23. If you run 2.2.8 then you got that from somewhere other than the CentOS project and unless the supplier of that also operates like Redhat and backports security fixes from the newer releases to the older one then it has unfixed bugs in it. If you run 2.2.3 from CentOS repositories then all security vulnerabilities that are known in newer versions are fixed as long as you have run `yum update` recently.

I'm unsure of what exactly is fixed in 2.2.24 + 25 since the detailed changelogs are not on that site. That may mean that 2.2.23 is vulnerable too.

Post Reply

Return to “CentOS 5 - Server Support”