On 04/12/2018 04:12 PM, Christopher Cox wrote:
On 04/12/2018 04:05 PM, Andreas Turriff wrote:
We are using Check_MK as internal monitoring solution in a PCI-DSS compliant environment. The Check_MK package for RHEL7 has a dependency on PHP; on RHEL7, PHP is at version 5.4, with several vulnerabilities marked as 'wontfix' and being reported in our periodical vulnerability scans. Is there a way to run Check_MK against a PHP version from the Red Hat Software Collections that is more up to date than 5.4? Alternatively, is there a way to get rid of the PHP dependency entirely?


I think the php things are all of things that integrate with check_mk, which in many ways, makes it nice.

With regards to "wontfix", I'm guessing those are Red Hat statements?

Vulnerability checkers often times assume product version and not a product version under support (with security mods being "backported" or fixed, as the case with Red Hat).

Vulnerability checkers often times call things out by "name" (e.g. CVE identifier). You can always check those things via (I include php keyboard, but you can search by CVE):


https://access.redhat.com/security/security-updates/#/cve?q=php&p=1&sort=cve_publicDate%20desc&rows=10&documentKind=Cve
_______________________________________________
checkmk-en mailing list
checkmk-en@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/checkmk-en

Reply via email to