enterprise-support team mailing list archive

[Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>]

Your PCI scanning software is broken, it is scanning for software version numbers instead of looking at specific package versions.
See: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions

For the specific CVE numbers you've mentioned:
CVE-2010-0425 is a windows-specific vulnerability, it doesn't apply to Ubuntu
CVE-2010-0434 is fixed already, see http://www.ubuntu.com/usn/usn-908-1/
CVE-2010-1452 is fixed already, see http://www.ubuntu.com/usn/usn-1021-1/
CVE-2010-1623 is fixed already, see http://www.ubuntu.com/usn/usn-1021-1/
CVE-2010-2068 is a windows-specific vulnerability, it doesn't apply to Ubuntu
CVE-2011-0419 is fixed already, see http://www.ubuntu.com/usn/usn-1134-1/
CVE-2011-1928 is fixed already, see http://www.ubuntu.com/usn/usn-1134-1/

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0425

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0434

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-1452

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-1623

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-2068

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-0419

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1928

** Visibility changed to: Public

** Changed in: apache2 (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/827662

Title:
  PCI Security failure Apache 2.2.14

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/827662/+subscriptions