I apologize if this is a simple noob question - I looked around and couldn't find an easy answer.
My auditor presenting me with some findings re: httpd (apache) and said I have to upgrade to the newest version. They are basing their findings on the "version" of Apache installed - but are unaware of the fixlevel.
Is there an easy way that I can take a specific Mitre or Securityfocus issue and see if the fix has been backported into the most up to date version of a Centos RPM. While this particular instance is in regards to Apache, I suspect I'll have to do this some more in the future with other RPMs as well.
Thanks for any insight.
On Tue, 2009-07-28 at 13:16 -0500, Andy Akins wrote:
I apologize if this is a simple noob question - I looked around and couldn't find an easy answer.
My auditor presenting me with some findings re: httpd (apache) and said I have to upgrade to the newest version. They are basing their findings on the "version" of Apache installed - but are unaware of the fixlevel.
Is there an easy way that I can take a specific Mitre or Securityfocus issue and see if the fix has been backported into the most up to date version of a Centos RPM. While this particular instance is in regards to Apache, I suspect I'll have to do this some more in the future with other RPMs as well.
Thanks for any insight.
---- maybe this is what you are asking for...
rpm -q --changelog httpd
Craig
-
Andy Akins -
Craig White