Re: Apache RPM's




Johnny Hughes wrote:
Bob Boilard wrote:
Hello all,
I love CentOS, but I am seriously regretting selecting CentOS 4.4 for my production hosting servers. The current situation with CentOS 4.4 and being stuck at Apache 2.0.52 is a huge problem because of the new requirements for the Credit Card industry PCI scan. Apache 2.0.52 does not pass PCI compliance scans, which means no ecommerce on any of these servers - MAJOR ISSUE. So my question to the community is: when are new Apache RPM's going to be released, or at minimum a backported version that plugs these security holes so we can pass PCI scans? Apache 2.0.52 has some major issues that need to be dealt with.


I am almost positive that this issue is one of the scan software using version numbers and not understanding that RHEL backports fixes.

It is probably just looking at version numbers and not vulnerabilities.

I cannot imagine a REAL scanner that will not pass RHEL-4 in its scans.

There are not any unpatched holes on the latest httpd in CentOS as all security issues are backported.

I know that there are millions of ISPs using CentOS-4 for e-commerce every day.

Help us out here. I know I am not the only one in this situation. Every hosting company that uses Ensim Pro X is just where I am. Any insight or better yet a solution to this would be great.

I would suggest that you ask the scanning agency to specify why they do not understand the RHEL backports ... unless there are REALLY unpatched issues.

I do want to point out that you need to be running the latest httpd and php and mysql (or other things) from CentOS-4.6 and not CentOS-4.4 ... and I do not run any Ensim software, so I am not sure what it does to the system files ... here are the latest versions that are released:

httpd                  2.0.52-38.ent.centos4
mysql                  4.1.20-3.RHEL4.1.el4_6
php                    4.3.9-3.22.9

If you have versions that are older than that, there are probably security issues. If you have those, then I think the scanner is incorrect ... please verify that you have that (or better) on your CentOS-4 install.
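
Added example, not part of the original message or of any CentOS tooling: one way to check a host against the three version-release strings listed above and to collect the CVE ids named in a package changelog as evidence for the scanning agency. The function names, the simplified rpm ordering, the sample host and the sample changelog ids are assumptions constructed for illustration.

```python
import re

# Minimum version-release strings quoted in the message above.
MINIMUM = {
    "httpd": "2.0.52-38.ent.centos4",
    "mysql": "4.1.20-3.RHEL4.1.el4_6",
    "php": "4.3.9-3.22.9",
}

def rpmvercmp(a, b):
    """Simplified rpm ordering (no epoch, '~' or '^'): returns -1, 0 or 1."""
    # rpm compares maximal runs of digits or letters; separators are skipped.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(installed):
    """installed maps package name to 'version-release', e.g. parsed from
    rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\\n' httpd mysql php"""
    report = {}
    for name, minimum in MINIMUM.items():
        if name not in installed:
            report[name] = ("not installed", False)
            continue
        (v, _, r), (mv, _, mr) = installed[name].partition("-"), minimum.partition("-")
        order = rpmvercmp(v, mv) or rpmvercmp(r, mr)
        # Same upstream version as the patched build: the server banner is
        # identical either way, so only the release field shows the backports.
        report[name] = ("current" if order >= 0 else "outdated", v == mv)
    return report

def changelog_cves(changelog_text):
    """CVE/CAN ids named in `rpm -q --changelog <pkg>` output, as scan evidence."""
    return sorted(set(re.findall(r"\b(?:CVE|CAN)-\d{4}-\d{4,}\b", changelog_text)))

# Constructed sample: a host whose httpd release number is older than the one listed.
SAMPLE = {"httpd": "2.0.52-28.ent.centos4", "mysql": "4.1.20-3.RHEL4.1.el4_6",
          "php": "4.3.9-3.22.9"}
# Constructed changelog excerpt; the ids are placeholders, not real advisories.
SAMPLE_LOG = "- add security fix for CVE-0000-1111\n- fix for CAN-0000-2222 (#000000)\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(changelog_cves(SAMPLE_LOG))
```

The second element of each result is true when the installed upstream version equals the patched one, which is the case where a banner-only scan cannot tell a patched build from an unpatched one.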
