Re: security compliance vs. old software versions




On Tue, Jun 29, 2010, Brian Mathis wrote:
>On Tue, Jun 29, 2010 at 5:11 PM, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
>> What's the correct response to a security scan that points out that
>> apache versions below 2.2.14 have multiple known vulnerabilities?  Is
>> there an official document about what known vulnerabilities have been
>> fixed in the RHEL/CentOS updates or do you have to wade through the
>> changelog to try to find each thing?
>>
>> --
>>   Les Mikesell
>>    lesmikesell@xxxxxxxxx
>
>Have them read this:
>http://www.redhat.com/security/updates/backporting/?sc_cid=3093
>
>If you're dealing with an auditor, that should be all they need as at
>least they can write down that you've made a conscious decision based
>on that information.

That's assuming the auditor can read, which seems doubtful
considering what I've found with Securityfocus and similar PCI
testing outfits.

Bill
-- 
INTERNET:   bill@xxxxxxxxxxxxx  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186  Skype: jwccsllc (206) 855-5792

Financial panics, if left alone, rarely cause much damage to the real
economy, output, employment or production. Asset values fall sharply and
wipe out those who borrowed and lent too much, thereby redistributing
wealth from the foolish to the prudent.  -- Arthur Laffer
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
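The question above (do you have to wade through the changelog to find each fix?) has a mechanical answer on RHEL/CentOS: the backported fix for a CVE is recorded in the package's RPM changelog, which `rpm -q --changelog httpd` prints. The script below is an added example, not code from the thread or from Red Hat; it extracts CVE IDs from changelog text so a scanner's list of CVEs can be checked against what the installed package actually fixes rather than against the version string. The sample changelog, its dates, bug numbers and CVE IDs are constructed placeholders, not a real httpd package history, and `installed_package_cves` is only useful on a real RPM-based host.

```shell
#!/bin/sh
# Added example (not from the original thread): check an RPM changelog for
# backported CVE fixes instead of trusting the upstream version number.

# Constructed sample in the style of `rpm -q --changelog httpd`; the entries,
# dates, bug numbers and CVE IDs are placeholders, not a real package history.
SAMPLE_CHANGELOG='* Tue Mar 30 2010 Packager <packager@example.com> - 2.2.3-43
- add security fix for CVE-2010-0408 (#577713)
- add security fix for CVE-2010-0434 (#577713)

* Fri Jan 15 2010 Packager <packager@example.com> - 2.2.3-42
- add security fix for CVE-2009-3555 (#533125)
'

# Print every CVE ID mentioned in the changelog text, one per line, de-duplicated.
changelog_cves() {
    printf '%s\n' "$1" | grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Return 0 if the changelog text ($1) mentions the CVE ID ($2) as a whole token,
# so CVE-2010-0408 does not match CVE-2010-04081.
cve_fixed_in_changelog() {
    printf '%s\n' "$1" | grep -qE "(^|[^0-9])$2([^0-9]|$)"
}

# Given changelog text and a list of CVE IDs (for example the ones a scanner
# reports), print the IDs the changelog does NOT mention. Prints nothing when
# every ID is covered, which is the evidence an auditor wants to see.
missing_cves() {
    _log=$1
    shift
    for _id in "$@"; do
        cve_fixed_in_changelog "$_log" "$_id" || printf '%s\n' "$_id"
    done
}

# On a real RHEL/CentOS host: same extraction over the installed package's
# changelog. Prints nothing if rpm is unavailable or the package is not installed.
installed_package_cves() {
    rpm -q --changelog "$1" 2>/dev/null | grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# Stand-alone demonstration on the constructed sample.
echo "CVEs recorded in the sample changelog:"
changelog_cves "$SAMPLE_CHANGELOG"
echo "Scanner-reported CVEs not covered by the sample changelog:"
missing_cves "$SAMPLE_CHANGELOG" CVE-2010-0408 CVE-2009-3555 CVE-2010-9999
```

Run it against a live host with `missing_cves "$(rpm -q --changelog httpd)" <CVE list from the scan report>`; an empty result for the scanner's list, together with the backporting document linked above, is a concrete answer to the finding. A CVE that is genuinely missing from the changelog is the one case where the finding stands and an updated package (or a vendor statement that the code is not affected) is needed.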