[CentOS] security compliance vs. old software versions

John Hinton webmaster at ew3d.com
Tue Jun 29 21:18:29 UTC 2010


On 6/29/2010 5:11 PM, Les Mikesell wrote:
> What's the correct response to a security scan that points out that
> apache versions below 2.2.14 have multiple known vulnerabilities?  Is
> there an official document about what known vulnerabilities have been
> fixed in the RHEL/CentOS updates or do you have to wade through the
> changelog to try to find each thing?
>
>    
One of the things to do first is to find out if the client who needs the 
scan actually does any e-commerce on your server. Otherwise, I have 
found that the scans can be stopped by having your client contact their 
CC processing company.

It seems that RHEL is in most of these scanners' systems; however, CentOS
is not, so they balk at the old versions. It's really all just a big pain.

John Hinton


