[CentOS] security compliance vs. old software versions
John Hinton
webmaster at ew3d.com
Tue Jun 29 21:18:29 UTC 2010
On 6/29/2010 5:11 PM, Les Mikesell wrote:
> What's the correct response to a security scan that points out that
> apache versions below 2.2.14 have multiple known vulnerabilities? Is
> there an official document about what known vulnerabilities have been
> fixed in the RHEL/CentOS updates or do you have to wade through the
> changelog to try to find each thing?
>
>
One of the things to do first is to find out if the client who needs the
scan actually does any e-commerce on your server. Otherwise, I have
found that the scans can be stopped by having your client contact their
CC processing company.
It seems that RHEL is in most of these scanners' systems; however, CentOS
is not, so they balk at the old versions. It's really all just a big pain.
John Hinton