On Tue, Jun 29, 2010 at 5:11 PM, Les Mikesell lesmikesell@gmail.com wrote:
What's the correct response to a security scan that points out that apache versions below 2.2.14 have multiple known vulnerabilities? Is there an official document about what known vulnerabilities have been fixed in the RHEL/CentOS updates or do you have to wade through the changelog to try to find each thing?
-- Les Mikesell lesmikesell@gmail.com
Have them read this: http://www.redhat.com/security/updates/backporting/?sc_cid=3093
If you're dealing with an auditor, that should be all they need as at least they can write down that you've made a conscious decision based on that information.