Re: How RedHat Backports Vulnerability Fixes

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/plain)
Delete this message
Reply to this message
Author: der.hans
Date:  
To: Main PLUG discussion list
Subject: Re: How RedHat Backports Vulnerability Fixes
Am 12. Jun, 2015 schwätzte Keith Smith so:

> I do some work on a couple CentOS 6.6 servers. Payment Card Industry (PCI)
> scans seem to always see the server as vulnerable. I've have to submit for a
> review since the server is not really vulnerable.


Your auditors should understand that and be able to do proper verification.

> I don't think a lot of people understand how RHEL maintains it's packages. I
> know I did not for a long time. RedHat backports vulnerability fixes while
> maintaining the original version number.
>
> Here is a great explanation :
> https://access.redhat.com/security/updates/backporting/?sc_cid=3093


Thanks for the link! I've mostly understood it, but it's good to have a
handy official reference to point people at.

ciao,

der.hans
-- 
#  http://www.LuftHans.com/        http://www.PhxLinux.org/
#  The Internet is the front line of the battle
#  to protect our freedom. -- Nathaniel Borenstein
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss