How RedHat Backports Vulnerability Fixes

Keith Smith techlists at phpcoderusa.com
Fri Jun 12 11:12:58 MST 2015


On 2015-06-12 10:43, der.hans wrote:
> On 12 Jun, 2015 Keith Smith chattered thus:
> 
>> I do some work on a couple CentOS 6.6 servers. Payment Card Industry 
>> (PCI) scans seem to always see the server as vulnerable. I've had to 
>> submit for a review since the server is not really vulnerable.
> 
> Your auditors should understand that and be able to do proper 
> verification.


You would think.


> 
>> I don't think a lot of people understand how RHEL maintains its 
>> packages. I know I did not for a long time.  RedHat backports 
>> vulnerability fixes while maintaining the original version number.
>> 
>> Here is a great explanation: 
>> https://access.redhat.com/security/updates/backporting/?sc_cid=3093
> 
> Thanks for the link! I've mostly understood it, but it's good to have a
> handy official reference to point people at.
> 
> ciao,
> 
> der.hans
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-- 
Keith Smith
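
One way to collect evidence for the kind of scan review discussed in this thread, as an added example that is not part of the original messages: because a backported fix leaves the upstream version number unchanged, the package changelog shown by `rpm -q --changelog` is where to look, since Red Hat package changelogs normally name the CVE a fix addresses. The function names, package release numbers and CVE IDs below are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample of `rpm -q --changelog` output (placeholder package
# release numbers and CVE IDs, not real advisories).
sample_changelog() {
    cat <<'EOF'
* Thu Jun 11 2015 Example Packager <packager@example.com> 1.0.1-30.el6.11
- fix CVE-0000-0002 - constructed placeholder entry

* Tue Mar 24 2015 Example Packager <packager@example.com> 1.0.1-30.el6.8
- fix CVE-0000-0001 - constructed placeholder entry

* Mon Jan 05 2015 Example Packager <packager@example.com> 1.0.1-30.el6.5
- fix CVE-0000-00011 - constructed placeholder entry
EOF
}

# find_cve_fix CVE-ID: read changelog text on stdin and print the header
# (date, packager, version-release) of every entry that mentions the CVE.
# Returns 1 when no entry mentions it.
find_cve_fix() {
    awk -v id="$1" '
        # Entry header line: remember it for the lines that follow.
        /^\* / { header = $0; next }
        # Match the exact ID, not a prefix of a longer number.
        $0 ~ (id "([^0-9]|$)") {
            if (header != last) { print header; last = header }
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_pkg PACKAGE CVE-ID: same check against an installed package.
check_pkg() {
    rpm -q --changelog "$1" | find_cve_fix "$2"
}

# Demo on the constructed sample; on a real host use: check_pkg <package> <CVE-ID>
sample_changelog | find_cve_fix CVE-0000-0001
```

The printed header gives the release and date in which the fix landed, which can be set beside `rpm -q <package>` output when submitting the review.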

