Re: security compliance vs. old software versions




On Tue, 29 Jun 2010, Les Mikesell wrote:

> What's the correct response to a security scan that points out that
> apache versions below 2.2.14 have multiple known vulnerabilities?  Is
> there an official document about what known vulnerabilities have been
> fixed in the RHEL/CentOS updates or do you have to wade through the
> changelog to try to find each thing?

I've done one of
1) grep the changelogs
2) hit up my RHT account manager
3) sent the referenced page about backports
4) asked those questioning me to demonstrate the issue
5) complained about my employer spending money on broken tools

Some combination of the above has always worked so far.

----------------------------------------------------------------------
Jim Wildman, CISSP, RHCE       jim@xxxxxxxxxxxxx http://www.rossberry.com
"Society in every state is a blessing, but Government, even in its best
state, is a necessary evil; in its worst state, an intolerable one."
Thomas Paine
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
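
Added example, not part of the message above: one way to do the "grep the changelogs" step for a whole list of CVE ids taken from a scan report. The function names, the sample changelog and the CVE ids are constructed placeholders; on a real host the input would be the output of `rpm -q --changelog httpd`.

```shell
#!/bin/sh
# Added example: check scanner-reported CVE ids against an RPM changelog.
# Live use (assumption: run on the scanned host):
#   rpm -q --changelog httpd | check_cves CVE-... CVE-...

# check_cves CVE...   (changelog text on stdin)
# Prints "<id> FIXED <changelog entry header>" or "<id> NOT-FOUND" per id.
# Exit status 0 if every id is mentioned in the changelog, 1 otherwise.
check_cves() (
    awk -v ids="$*" '
        BEGIN { n = split(ids, want, " ") }
        /^\* / { hdr = $0; next }      # "* date packager - version-release"
        {
            for (i = 1; i <= n; i++)
                # Require a non-digit (or end of line) after the id so a
                # shorter id does not match as a prefix of a longer one.
                if (!(want[i] in fixed) && $0 ~ (want[i] "([^0-9]|$)"))
                    fixed[want[i]] = hdr
        }
        END {
            for (i = 1; i <= n; i++) {
                if (want[i] in fixed)
                    print want[i], "FIXED", fixed[want[i]]
                else {
                    print want[i], "NOT-FOUND"
                    missing++
                }
            }
            exit (missing > 0)
        }'
)

# Constructed sample in rpm changelog layout (newest entry first).
sample_changelog() {
    cat <<'EOF'
* Tue Jun 01 2010 Example Packager <pkg@example.invalid> - 1.0.0-3
- add security fix for CVE-0000-0002 (#000002)

* Mon Mar 01 2010 Example Packager <pkg@example.invalid> - 1.0.0-2
- add security fixes for CVE-0000-0001, CVE-0000-00035

* Fri Jan 01 2010 Example Packager <pkg@example.invalid> - 1.0.0-1
- initial build
EOF
}

# Demo: CVE-0000-0003 is deliberately absent from the sample.
sample_changelog | check_cves CVE-0000-0001 CVE-0000-0003 CVE-0000-0002 || true
```

A NOT-FOUND result only means the changelog does not name that id; it still has to be checked against the vendor's advisories before answering the scan finding.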

