Re: Debian PCI Question
* Matt McCants:
> Does anyone here have PCI audits being done on their Debian boxes?
Yes, we hear about that from time to time.
> The company I work for uses TrustKeeper and the one Debian box I've
> managed to get my boss to allow keeps failing unjustly. Usually they
> fail us due to version strings only (saying anything less than the
> latest version is insecure [hah!]), and when I appeal that, they
> fail us for reasons that don't even affect us.
There are probably companies that provide a more thorough analysis.
> http://security-tracker.debian.org/tracker/CVE-2009-2699
> http://security-tracker.debian.org/tracker/CVE-2009-3095
> http://security-tracker.debian.org/tracker/CVE-2009-3094
> The first is self-explanatory, and as for mod_proxy_ftp, I don't even
> have that loaded.
The other two are already fixed in stable-proposed-updates in
2.2.9-10+lenny5, so you could upgrade to that version.
The general issue is difficult to address, I'm afraid.