On Thu, May 5, 2011 at 2:45 PM, Paul Graydon <p...@paulgraydon.co.uk> wrote: > there is nothing stated that I can see to say whether or not the servers > running outdated Apache Web servers had any connection to PSN, SOE, or
As far as I can tell the security experts, or the news reports misquoting experts, are getting their information from an IRC chat log [1]. Which starting on line 239 says "they should know that running an older version of apache on a redhat server with known vulnerabilities... I consider apache 2.2.15 old... they are running linux 2.6.9-2.6.24... that too is old." RHEL 6 has Apache 2.2.15. According to my archive of RH's enterprise-watch-list there have been no security advisories for httpd in RHEL 6. RHEL 5 has Apache 2.2.3, it has not had a security advisory since 2010-08-30. One person on the IRC actually says "its just backported security patches." I guess FUD is more interesting than facts. 1. http://pastebin.com/m0ZxsjAb -Anton _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
