On Tue, Jun 29, 2010 at 5:11 PM, Les Mikesell <lesmikesell@xxxxxxxxx> wrote: > What's the correct response to a security scan that points out that > apache versions below 2.2.14 have multiple known vulnerabilities? Is > there an official document about what known vulnerabilities have been > fixed in the RHEL/CentOS updates or do you have to wade through the > changelog to try to find each thing? > > -- > Les Mikesell > lesmikesell@xxxxxxxxx Have them read this: http://www.redhat.com/security/updates/backporting/?sc_cid=3093 If you're dealing with an auditor, that should be all they need as at least they can write down that you've made a conscious decision based on that information. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: security compliance vs. old software versions
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: security compliance vs. old software versions
- From: Brian Mathis <brian.mathis@xxxxxxxxx>
- Date: Tue, 29 Jun 2010 17:20:53 -0400
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <4C2A6175.5080603@xxxxxxxxx>
- Follow-Ups:
- Re: security compliance vs. old software versions
- From: Bill Campbell
- Re: security compliance vs. old software versions
- References:
- security compliance vs. old software versions
- From: Les Mikesell
- security compliance vs. old software versions
- Prev by Date: Re: security compliance vs. old software versions
- Next by Date: Dell R605 w/ Perc 6/i problem
- Previous by thread: Re: security compliance vs. old software versions
- Next by thread: Re: security compliance vs. old software versions
- Index(es):
 |