[CentOS] Apache RPM's
Johnny Hughes
johnny at centos.org
Wed Feb 13 05:56:29 UTC 2008
Johnny Hughes wrote:
> Bob Boilard wrote:
>> Hello all,
>>
>> I love CentOS, but I am seriously regretting selecting CentOS 4.4 for my
>> production hosting servers. The current situation with CentOS 4.4 and
>> being stuck at Apache 2.0.52 is a huge problem because of the new
>> requirements for the Credit Card industry PCI scan. Apache 2.0.52 does
>> not pass PCI compliance scans, which means no ecommerce on any of these
>> servers - MAJOR ISSUE. So my question to the community is: when are new
>> Apache RPMs going to be released or at minimum a backported version that
>> plugs these security holes so we can pass PCI scans. Apache 2.0.52 has
>> some major issues that need to be dealt with.
>>
>
> I am almost positive that this issue is one of the scan software using
> version numbers and not understanding that RHEL backports fixes.
>
> It is probably just looking at version numbers and not vulnerabilities.
>
> I cannot imagine a REAL scanner that will not pass RHEL-4 in its scans.
>
> There are not any unpatched holes on the latest httpd in centos as all
> security issues are backported.
>
> I know that there are millions of ISPs using CentOS-4 for e-commerce
> every day.
>
>> Help us out here. I know I am not the only one in this situation. Every
>> hosting company that uses Ensim Pro X is just where I am.
>> Any insight or better yet a solution to this would be great.
>
> I would suggest that you ask the scanning agency to specify why they do
> not understand the RHEL backports ... unless there are REALLY unpatched
> issues.

I do want to point out that you need to be running the latest httpd and
php and mysql (or other things) from CentOS-4.6 and not CentOS-4.4 ...
and I do not run any Ensim software, so I am not sure what it does to
the system files ... here are the latest versions that are released:

httpd 2.0.52-38.ent.centos4
mysql 4.1.20-3.RHEL4.1.el4_6
php 4.3.9-3.22.9

If you have versions that are older than that, there are probably
security issues. If you have those, then I think the scanner is
incorrect ... please verify that you have that (or better) on your
centos-4 install.
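
One way to carry out the "that (or better)" check from the message above, as an added example that is not part of the original e-mail or any CentOS tooling: it compares installed version-release strings against the three versions listed, using a simplified form of RPM's segment-wise ordering (epochs and `~`/`^` are not handled). The function names and the sample "installed" values are assumptions constructed for illustration.

```python
import re

# Latest CentOS-4 version-release strings quoted in the message above.
BASELINE = {
    "httpd": "2.0.52-38.ent.centos4",
    "mysql": "4.1.20-3.RHEL4.1.el4_6",
    "php": "4.3.9-3.22.9",
}

def rpm_cmp_part(a, b):
    """Simplified rpmvercmp for one field: return -1, 0 or 1."""
    # RPM compares runs of digits and runs of letters; other characters only separate.
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 12 > 9
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpm_cmp_part(va, vb) or rpm_cmp_part(ra, rb)

def audit(installed):
    """Return {package: status} for every package in BASELINE."""
    report = {}
    for name, wanted in BASELINE.items():
        have = installed.get(name)
        if have is None:
            report[name] = "not installed"
        elif vr_cmp(have, wanted) < 0:
            report[name] = "older than baseline, update"
        else:
            report[name] = "at or above baseline"
    return report

# Constructed sample input (not real release numbers), in the form printed by
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' httpd mysql php
SAMPLE = {"httpd": "2.0.52-28.ent.centos4",
          "mysql": "4.1.20-3.RHEL4.1.el4_6",
          "php": "4.3.9-3.22.12"}

if __name__ == "__main__":
    for pkg, status in audit(SAMPLE).items():
        print(pkg, SAMPLE[pkg], "->", status)
```

The release field is what distinguishes a patched build from an unpatched one here: the upstream version stays at 2.0.52 while the release number increases with each backported fix.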