On 2015-06-12 10:43, der.hans wrote:
Am 12. Jun, 2015 schwätzte Keith Smith so:
I do some work on a couple CentOS 6.6 servers. Payment Card Industry
(PCI) scans seem to always see the server as vulnerable. I've have to
submit for a review since the server is not really vulnerable.
Your auditors should understand that and be able to do proper
verification.
You would think.
I don't think a lot of people understand how RHEL maintains it's
packages. I know I did not for a long time. RedHat backports
vulnerability fixes while maintaining the original version number.
Here is a great explanation :
https://access.redhat.com/security/updates/backporting/?sc_cid=3093
Thanks for the link! I've mostly understood it, but it's good to have a
handy official reference to point people at.
ciao,
der.hans
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
--
Keith Smith
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
