On 07/28/2011 10:44 AM, James Harrison wrote:
I understand it's not the whole OS and all machines and it's all in the implementation and we do have an auditor, however, scans show httpd 2.2.14 as having vulnerabilities. Will the httpd 2.2.3 supplied by RH throw up all kinds of vulnerabilities, because of its lower patch level?
If you look at the changelog for httpd (rpm -q --changelog httpd), you can see which CVEs are addressed by the backported patches to 2.2.3. Often the scanning tool simply looks at the Apache headers and reports that Apache httpd is out of date, so you'll have to show this information to any auditor who isn't familiar with RHEL.
--
Jonathan Billings <jsbil...@umich.edu>
College of Engineering - CAEN - Unix and Linux Support

_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list
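
The changelog check described in the reply above, as an added example that is not part of the original thread: it takes the CVE IDs a scanner reported and marks each one as present or absent in the package changelog. The function names, the sample changelog and the CVE-0000-* IDs are constructed placeholders; on a real host the input would be the output of `rpm -q --changelog httpd`.

```shell
#!/bin/sh
# Added example: triage scanner-reported CVEs against an RPM changelog.
# Real use (file name is an assumption):
#   rpm -q --changelog httpd > httpd.changelog
#   triage_cves httpd.changelog <CVE IDs from the scan report>

# Constructed sample standing in for `rpm -q --changelog httpd` output.
# The CVE IDs below are placeholders, not real advisories.
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.com> - 2.2.3-0.example.2
- add security fix for CVE-0000-0001 (#000001)
- add security fixes for CVE-0000-0002, CVE-0000-0003

* Mon Jan 01 2001 Example Packager <packager@example.com> - 2.2.3-0.example.1
- add security fix for CVE-0000-0001
EOF
}

# Read changelog text on stdin, print each CVE ID it mentions once.
cves_in_changelog() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# triage_cves CHANGELOG_FILE CVE...
# Prints "<CVE> backported" when the changelog names the CVE, otherwise
# "<CVE> not-in-changelog". The second result means "needs manual review"
# (the flaw may not affect this version at all), not "vulnerable".
triage_cves() {
    changelog_file=$1
    shift
    fixed=$(cves_in_changelog < "$changelog_file")
    for cve in "$@"; do
        # -x matches the whole line, so one ID never matches a longer one.
        if printf '%s\n' "$fixed" | grep -qxF "$cve"; then
            printf '%s backported\n' "$cve"
        else
            printf '%s not-in-changelog\n' "$cve"
        fi
    done
}

# Demo on the constructed sample.
demo() {
    tmpfile=$(mktemp)
    sample_changelog > "$tmpfile"
    triage_cves "$tmpfile" CVE-0000-0001 CVE-0000-0003 CVE-0000-9999
    rm -f "$tmpfile"
}
demo
```

The resulting list, together with the installed package version from `rpm -q httpd`, is the kind of evidence an auditor can check against the scan report line by line.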