Mailinglist Archive: opensuse (783 mails)

< Previous Next >
Re: [opensuse] Sufficiently patched OpenSUSE?


On 05/10/2017 09:32, Klaus Vink Slott wrote:
Hi guys

I need a little help here: Based on a scanning from the national CERT my
security officer claims that I am running outdated software.

Examples (scanning performed some weeks ago)
Version source : X-Powered-By: PHP/5.5.14
Installed version : 5.5.14
Fixed version : 5.5.38

Source : Server: Apache/2.4.23
Installed version : 2.4.23
Fixed version : 2.4.27

As of today the installed rpm's are:
me@server:~> rpm -qa | egrep "apache2-2|php5-5"
apache2-mod_php5-5.5.14-77.12.1.x86_64
php5-5.5.14-77.12.1.x86_64
apache2-2.4.23-8.12.1.x86_64

I can verify that the rpms on my system is grabbed from updates and
build on 21. September 2017. How or where do I find information so I can
convince my security officer that relevant security patches has been
backported and are installed on my system.

The relevant information is contained in the rpm changelog. To query this use, for instance apache2 "rpm -q --changelog apache2|less" The use of less is needed due to the long history. The changes have a record of every CVE fixed and the openSUSE bug reference - boo#bugnumber.
Regards
Dave P

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References