[CentOS] Apache patching questions

Wed Feb 22 12:31:54 UTC 2006
Jim Perrin <jperrin at gmail.com>

> A colleague ran a copy of Nikto, a scripted vuln. finder, against my server,
> and reported the following problems. The only one I've tested is the
> directory traversal, and it seems to be an issue. Will the upstream vendor
> patch these issues in Apache 2.0.46, or not? If not, does anyone know why
> not?

The upstream vendor backports security fixes into the existing
version. Simply checking the version number is not a valid test for
this simple fact. You can run 'rpm -q --changelog httpd' to see the
fixes or you can look at the RH website and check their security
releases there as well.   https://www.redhat.com/security/updates/

To understand what they're doing with the backporting and why, read
this http://www.redhat.com/advice/speaks_backport.html

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety''
Benjamin Franklin 1775