Am 12. Jun, 2015 schwätzte Keith Smith so: > I do some work on a couple CentOS 6.6 servers. Payment Card Industry (PCI) > scans seem to always see the server as vulnerable. I've have to submit for a > review since the server is not really vulnerable. Your auditors should understand that and be able to do proper verification. > I don't think a lot of people understand how RHEL maintains it's packages. I > know I did not for a long time. RedHat backports vulnerability fixes while > maintaining the original version number. > > Here is a great explanation : > https://access.redhat.com/security/updates/backporting/?sc_cid=3093 Thanks for the link! I've mostly understood it, but it's good to have a handy official reference to point people at. ciao, der.hans -- # http://www.LuftHans.com/ http://www.PhxLinux.org/ # The Internet is the front line of the battle # to protect our freedom. -- Nathaniel Borenstein