PCI Compliance

Asked by Steve Ose

I'm running Ubuntu 10.04 LTS, with the Apache 2.2.14-5ubuntu8.7 package. I'm running into a PCI compliance issue, based on the 2.2.14 version of Apache being detected. I've heard it's possible, and I'm looking for confirmation, that Ubuntu's 2.2.14-5ubuntu8.7 package does NOT have the same compliance issues as the original version 2.2.14. If this is true, what can I provide that proves the non-compliance is actually invalid?

Thank you.

Question information

Language: English
Status: Answered
For: Ubuntu linux
Assignee: No assignee

mycae (mycae) said :
#1

The changelog will list which CVEs are addressed by the Ubuntu version. You will need to ask why the PCI check does not like 2.2.14 specifically (if it is 2.2.14 != latest, then that's a lazy and non-rigorous check), and then manually confirm they have been addressed.

The changelog is in your docs folder, or online (rhs of page):
http://packages.ubuntu.com/lucid/apache2
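
The check described in the answer above, as an added example that is not part of the original thread: it parses text in Debian changelog format and reports which CVEs from a scanner finding are mentioned, and under which package version. The sample changelog, the version 2.2.14-5ubuntu8.6, the CVE ids and the function names are constructed placeholders, not real apache2 changelog content.

```python
import re

# Constructed sample in Debian changelog format (newest entry first).
# The CVE ids are placeholders, not real apache2 changelog entries.
SAMPLE_CHANGELOG = """\
apache2 (2.2.14-5ubuntu8.7) lucid-security; urgency=low

  * SECURITY UPDATE: constructed entry for illustration
    - CVE-0000-0003

 -- Placeholder Maintainer <maint@example.com>  Mon, 01 Jan 2000 00:00:00 +0000

apache2 (2.2.14-5ubuntu8.6) lucid-security; urgency=low

  * SECURITY UPDATE: another constructed entry
    - CVE-0000-0001
    - cve-0000-0002

 -- Placeholder Maintainer <maint@example.com>  Mon, 01 Jan 2000 00:00:00 +0000
"""

# Entry header: "package (version) distribution; urgency=..."
HEADER = re.compile(r"^[a-z0-9][a-z0-9+.-]* \((?P<ver>[^)]+)\) ")
CVE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


def cves_by_version(changelog_text):
    """Map each CVE id to the oldest package version whose entry mentions it."""
    fixed_in = {}
    version = None
    for line in changelog_text.splitlines():
        header = HEADER.match(line)
        if header:
            version = header.group("ver")
        elif version is not None:
            for cve in CVE.findall(line):
                # Entries are newest-first, so a later match is an older version.
                fixed_in[cve.upper()] = version
    return fixed_in


def triage(scanner_cves, changelog_text):
    """Split scanner-reported CVEs into (mentioned in changelog, not mentioned)."""
    fixed_in = cves_by_version(changelog_text)
    wanted = [c.upper() for c in scanner_cves]
    addressed = {c: fixed_in[c] for c in wanted if c in fixed_in}
    unresolved = sorted(c for c in wanted if c not in fixed_in)
    return addressed, unresolved
```

On a Debian or Ubuntu system the packaged changelog is normally installed as `/usr/share/doc/<package>/changelog.Debian.gz`. A CVE that appears in the first result still needs the installed version to be at or above the version listed, and anything in the second list needs manual follow-up.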

mycae (mycae) said :
#2
