
Re: Debian PCI Question



* Matt McCants:

> Does anyone here have PCI audits being done on their Debian boxes?

Yes, we hear about that from time to time.

> The company I work for uses TrustKeeper and the one Debian box I've
> managed to get my boss to allow keeps failing unjustly. Usually they
> fail us due to version strings only (Saying anything less than the
> latest version is insecure [hah!]), and when I appeal that, they
> fail us for reasons that don't even affect us.

There are probably companies that provide a more thorough analysis.

> http://security-tracker.debian.org/tracker/CVE-2009-2699
> http://security-tracker.debian.org/tracker/CVE-2009-3095
> http://security-tracker.debian.org/tracker/CVE-2009-3094

> The first is self-explanatory, and as for mod_proxy_ftp, I don't even
> have that loaded.

The other two are already fixed in stable-proposed-updates in
2.2.9-10+lenny5, so you could upgrade to that version.

The general issue is difficult to address, I'm afraid.

