Score:0

Install Package From Upstream

I am trying to install the latest version of Apache2 (2.4.52) without compiling from source and all that headache. I saw the Ubuntu CVE and this version is available, but in Upstream. I tried to do a pin install, but that's not working.

/etc/apt/apache2::

Package: apache2
Pin: version 2.4.52
Pin-Priority: 990

Ubuntu Version

Distributor ID: Ubuntu
Description:    Ubuntu 21.10
Release:        21.10
Codename:       impish

But still apt upgrade or apt-get upgrade can't find this new version.


ChanganAuto
Unless the version already exists in the official repositories (it doesn't) or provided as a Snap or Flatpak (it isn't) or provided by a PPA (???) then you must compile it from source.
guiverc
You've provided no OS & release details - your paste shows the fix is available; but without release details how are we to know what your actual issue is. Your paste shows the version where the fix is backported for each release.
CodingWithRoyal
But according to the CVE it's already there in UPSTREAM; why can't we access it directly from there?
guiverc
The paste shows what package for each release contains the relevant fix (back-ported). You've not provided your release details so we can't know which applies to your system.
CodingWithRoyal
@guiverc edited my Ubuntu details... please check again
guiverc
2.48.48.3.1... contains the fix for *impish* or 21.10 as per your paste. Fixes get back-ported to the version already existing in the repository; the table tells you what package for each release **contains** the CVE fix listed in the page.
CodingWithRoyal
@guiverc correct, I am only getting 2.4.48 from impish
guiverc
That contains your fix - the fix is **back-ported** to the versions in that table; ie. you have the fix already as per the document you provided fixing CVE-2021-44790 with that package.
Score:4

Fixes for CVE-2021-44790 are available for these releases provided in your table on https://ubuntu.com/security/CVE-2021-44790

That means the package 2.4.48-3.1ubuntu3.2 available for Ubuntu 21.10 contains the fix you're after.

Packages are not upgraded to later versions; fixes get back-ported to the existing packages (unless it's more work to backport what's required & re-test, compared to just using a newer package & re-testing everything impacted by the upgraded package - that is rare).

CodingWithRoyal
Thank you so much... now it makes sense to me
guiverc
You're more welcome.