[CentOS] Apache RPM's

Wed Feb 13 05:29:15 UTC 2008
Johnny Hughes <johnny at centos.org>

Bob Boilard wrote:
> Hello all,
>  
> I love CentOS, but I am seriously regretting selecting CentOS 4.4 for my
> production hosting servers. The current situation with CentOS 4.4 and being
> stuck at Apache 2.0.52 is a huge problem because of the new requirements for
> the Credit Card industry PCI scan. Apache 2.0.52 does not pass PCI
> compliance scans, which means no ecommerce on any of these servers - MAJOR
> ISSUE. So my question to the community is: when are new Apache RPMs going
> to be released or at minimum a backported version that plugs these security
> holes so we can pass PCI scans. Apache 2.0.52 has some major issues that
> need to be dealt with?
>

I am almost positive that this issue is one of the scan software using 
version numbers and not understanding that RHEL backports fixes.

It is probably just looking at version numbers and not vulnerabilities.

I can not imagine a REAL scanner that will not pass RHEL-4 in its scans.

There are not any unpatched holes on the latest httpd in CentOS as all 
security issues are backported.

I know that there are millions of ISPs using CentOS-4 for e-commerce 
every day.

> Help us out here. I know I am not the only one in this situation. Every
> hosting company that uses Ensim Pro X is just where I am.
> Any insight or better yet a solution to this would be great.

I would suggest that you ask the scanning agency to specify why they do 
not understand the RHEL backports ... unless there are REALLY unpatched 
issues.
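The distinction the reply draws, a scanner that only compares version strings versus a check that reads the vendor's package changelog for backported fixes, as an added example (not from the list thread or from CentOS); the changelog text and the CVE ids in it are constructed placeholders, and the "fixed upstream" version is illustrative only:

```python
import re
import subprocess

# Constructed sample in the shape of `rpm -q --changelog httpd` output on a
# RHEL/CentOS-4 box. The CVE ids are placeholders (CVE-0000-000N), not real ones.
SAMPLE_CHANGELOG = """\
* Mon Jan 14 2008 Example Packager <packager@example.invalid> 2.0.52-41.ent
- add security fix for CVE-0000-0002 (placeholder id)
* Tue Jun 05 2007 Example Packager <packager@example.invalid> 2.0.52-32.ent
- add security fix for CVE-0000-0001 (placeholder id)
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def version_tuple(version):
    """'2.0.52' -> (2, 0, 52) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def naive_scanner_flags(installed, fixed_upstream):
    """What a version-only scanner does: anything older than the upstream
    fix release is reported vulnerable, ignoring vendor backports."""
    return version_tuple(installed) < version_tuple(fixed_upstream)


def changelog_cves(changelog_text):
    """Set of CVE ids the package changelog records as fixed (backported)."""
    return set(CVE_RE.findall(changelog_text))


def backport_aware_flags(installed, fixed_upstream, cve, changelog_text):
    """Report vulnerable only if the version is old AND the vendor changelog
    does not record a backported fix for this CVE."""
    if not naive_scanner_flags(installed, fixed_upstream):
        return False
    return cve not in changelog_cves(changelog_text)


def rpm_changelog(package="httpd"):
    """Live changelog from the local RPM database (needs rpm on the host)."""
    return subprocess.run(["rpm", "-q", "--changelog", package],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Constructed scenario: installed 2.0.52, upstream fix in a later 2.0.x
    # release (2.0.59 is an illustrative value, not a real fix version).
    for cve in ("CVE-0000-0001", "CVE-0000-0003"):
        print(cve, "naive:", naive_scanner_flags("2.0.52", "2.0.59"),
              "backport-aware:",
              backport_aware_flags("2.0.52", "2.0.59", cve, SAMPLE_CHANGELOG))
```

On a real host, replace SAMPLE_CHANGELOG with rpm_changelog("httpd") and the CVE id with the one the scan report names; a CVE listed in the changelog is the evidence to hand back to the scanning agency.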
