On 05/10/2017 09:32, Klaus Vink Slott wrote:
Hi guys
I need a little help here: Based on a scanning from the national CERT my security officer claims that I am running outdated software.
Examples (scanning performed some weeks ago)

Version source : X-Powered-By: PHP/5.5.14
Installed version : 5.5.14
Fixed version : 5.5.38

Source : Server: Apache/2.4.23
Installed version : 2.4.23
Fixed version : 2.4.27

As of today the installed rpm's are:

me@server:~> rpm -qa | egrep "apache2-2|php5-5"
apache2-mod_php5-5.5.14-77.12.1.x86_64
php5-5.5.14-77.12.1.x86_64
apache2-2.4.23-8.12.1.x86_64
I can verify that the rpms on my system are grabbed from updates and built on 21. September 2017. How or where do I find information so I can convince my security officer that relevant security patches have been backported and are installed on my system?
The relevant information is contained in the rpm changelog. To query this use, for instance for apache2, "rpm -q --changelog apache2|less". The use of less is needed due to the long history. The changes have a record of every CVE fixed and the openSUSE bug reference - boo#bugnumber.

Regards
Dave P
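As an added example (not part of the original thread), a small shell helper that checks the `rpm -q --changelog` output described above against the CVE ids listed in a scan report. The function names are hypothetical, and the changelog text, CVE ids and bug numbers are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample in the shape of `rpm -q --changelog <package>` output.
# The CVE ids and boo# numbers are placeholders, not real identifiers.
SAMPLE_CHANGELOG='* Thu Sep 21 2017 packager@example.com
- fix use after free in example module [boo#000001] [CVE-0000-1111]
* Mon Jul 03 2017 packager@example.com
- backport upstream patch for CVE-0000-2222 (boo#000002)'

# list_cves: read a changelog on stdin, print each distinct CVE id once.
list_cves() {
    grep -oE 'CVE-[0-9]{4}-[0-9]+' | sort -u
}

# cve_in_changelog: read a changelog on stdin; for every CVE id passed as an
# argument print "<id> recorded" or "<id> NOT-FOUND".
# Returns 0 only when every requested id appears in the changelog.
cve_in_changelog() {
    log=$(cat)
    missing=0
    for cve in "$@"; do
        # -F: literal string, -w: whole word, so a shorter id does not
        # match as a prefix of a longer one.
        if printf '%s\n' "$log" | grep -qwF -- "$cve"; then
            echo "$cve recorded"
        else
            echo "$cve NOT-FOUND"
            missing=1
        fi
    done
    return "$missing"
}

# Real use, with the ids taken from the scanner's report:
#   rpm -q --changelog apache2 | cve_in_changelog CVE-... CVE-...
#   rpm -q --changelog apache2 | list_cves
```

A NOT-FOUND result means the changelog does not mention that id; it still needs checking whether the issue applies to the packaged version at all.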