[CentOS] security compliance vs. old software versions
Brian Mathis
brian.mathis at gmail.com
Tue Jun 29 21:20:53 UTC 2010
On Tue, Jun 29, 2010 at 5:11 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> What's the correct response to a security scan that points out that
> apache versions below 2.2.14 have multiple known vulnerabilities? Is
> there an official document about what known vulnerabilities have been
> fixed in the RHEL/CentOS updates or do you have to wade through the
> changelog to try to find each thing?
>
> --
> Les Mikesell
> lesmikesell at gmail.com
Have them read this:
http://www.redhat.com/security/updates/backporting/?sc_cid=3093
If you're dealing with an auditor, that should be all they need as at
least they can write down that you've made a conscious decision based
on that information.
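Added example, not part of the original thread or of any CentOS/Red Hat tooling: one way to reconcile a scanner's CVE list with backported fixes is to search the package changelog that `rpm -q --changelog httpd` prints. The changelog text, CVE ids, release numbers and the function names below are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `rpm -q --changelog httpd`.
# CVE ids, releases and packager are placeholders, not real data.
sample_changelog() {
cat <<'EOF'
* Mon Mar 01 2010 Example Packager <pkg@example.invalid> - 2.2.3-43
- add security fixes for CVE-0000-0003, CVE-0000-0002

* Tue Nov 10 2009 Example Packager <pkg@example.invalid> - 2.2.3-31
- add security fix for CVE-0000-0001
- fix a non-security bug
EOF
}

# Hypothetical helper: reads changelog text on stdin. For each CVE id passed
# as an argument it prints "BACKPORTED <id> <version-release>" (the earliest
# release whose entry mentions it) or "NOT_MENTIONED <id>".
triage_cves() {
    awk -v want="$*" '
        BEGIN { n = split(want, ids, " ") }
        /^\* / { rel = $NF; next }    # entry header: last field is version-release
        {
            line = $0
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                # Entries run newest to oldest, so the last write wins
                # and records the oldest release that carries the fix.
                fixed[substr(line, RSTART, RLENGTH)] = rel
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                if (ids[i] in fixed) { print "BACKPORTED", ids[i], fixed[ids[i]] }
                else { print "NOT_MENTIONED", ids[i] }
            }
        }'
}

# On a real host: rpm -q --changelog httpd | triage_cves <ids from the scan>
sample_changelog | triage_cves CVE-0000-0001 CVE-0000-0003 CVE-0000-0009
```

A `NOT_MENTIONED` result only means the changelog does not name that id; the issue may not apply to the packaged build, so it still needs a check against the vendor's advisories.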