[CentOS] security compliance vs. old software versions

Tue Jun 29 21:20:53 UTC 2010
Brian Mathis <brian.mathis at gmail.com>

On Tue, Jun 29, 2010 at 5:11 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> What's the correct response to a security scan that points out that
> apache versions below 2.2.14 have multiple known vulnerabilities?  Is
> there an official document about what known vulnerabilities have been
> fixed in the RHEL/CentOS updates or do you have to wade through the
> changelog to try to find each thing?
>
> --
>   Les Mikesell
>    lesmikesell at gmail.com

Have them read this:
http://www.redhat.com/security/updates/backporting/?sc_cid=3093

If you're dealing with an auditor, that should be all they need as at
least they can write down that you've made a conscious decision based
on that information.