Mailinglist Archive: opensuse (783 mails)

Re: [opensuse] Sufficiently patched OpenSUSE?
Checking by version string is completely meaningless, as security patches
are commonly backported. You need to request the CVE numbers that are
reported and check whether these CVEs are fixed; either they are
explicitly mentioned in the changelog, or
https://www.suse.com/de-de/security/cve/ would be a starting point.

On Thu, Oct 5, 2017 at 10:32 AM, Klaus Vink Slott <list-s@xxxxxxxxxxxxx> wrote:
Hi guys

I need a little help here: Based on a scan from the national CERT, my
security officer claims that I am running outdated software.

Examples (scan performed some weeks ago)
Version source : X-Powered-By: PHP/5.5.14
Installed version : 5.5.14
Fixed version : 5.5.38

Source : Server: Apache/2.4.23
Installed version : 2.4.23
Fixed version : 2.4.27

As of today the installed rpms are:
me@server:~> rpm -qa | egrep "apache2-2|php5-5"
apache2-mod_php5-5.5.14-77.12.1.x86_64
php5-5.5.14-77.12.1.x86_64
apache2-2.4.23-8.12.1.x86_64

I can verify that the rpms on my system were grabbed from updates and
built on 21 September 2017. How or where do I find information so I can
convince my security officer that relevant security patches have been
backported and are installed on my system?

--
Regards
Klaus

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
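
The changelog check suggested in the reply, as an added example that is not part of the original thread: it reports which scanner-reported CVE IDs appear in a package's RPM changelog. The function names, the CVE-0000-* IDs and the sample changelog are constructed placeholders; only `rpm -q --changelog` is the real command being wrapped.

```shell
#!/bin/sh
# Report which scanner-reported CVE IDs an RPM changelog mentions.
# CVE-0000-* IDs and the changelog below are constructed placeholders.

# stdin: changelog text; args: CVE IDs. One result line per ID.
cve_report() {
    log=$(cat)
    for id in "$@"; do
        # -F: literal match; -w: CVE-0000-111 must not match CVE-0000-1111
        if printf '%s\n' "$log" | grep -qwF -e "$id"; then
            echo "$id mentioned"
        else
            echo "$id not-mentioned"
        fi
    done
}

# Same check against an installed package, e.g.:
#   cve_check_pkg apache2 CVE-0000-1111
cve_check_pkg() {
    pkg=$1; shift
    if ! rpm -q "$pkg" >/dev/null 2>&1; then
        echo "package not installed: $pkg" >&2
        return 2
    fi
    rpm -q --changelog "$pkg" | cve_report "$@"
}

# Constructed changelog in the layout "rpm -q --changelog" prints.
sample_changelog() {
    cat <<'EOF'
* Thu Sep 21 2017 maintainer@example.com
- Backport upstream fix for request parsing
  (CVE-0000-1111, bsc#0000000)
* Mon Jul 03 2017 maintainer@example.com
- Update documentation
EOF
}

sample_changelog | cve_report CVE-0000-1111 CVE-0000-2222
```

A "not-mentioned" result is not proof that the package is vulnerable; the CVE may not apply to that package at all, so those IDs still need to be looked up on the SUSE CVE pages linked in the reply.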

