Skip to main content

PCI Compliance

Comments

4 comments

  • cPanelMichael
    Hello, It's possible the required security fixes are backported to the versions of those packages installed on your system. We document this at: PCI Compliance and Software Versions - cPanel Knowledge Base - cPanel Documentation Let me know if this document helps. Thank you.
    0
  • dstana
    Hey Michael, That might help, I'll have to dig through those a bit more closely. However, this is another issue that was mentioned that was configuration related instead of by package version. SSH: Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.
    0
  • dstana
    Ok, so I went through all of them. Everything is backported except CVE-2017-15906 because Centos hasn't released the patch yet. But this was mentioned elsewhere that it only affects read-only SFTP configurations. I removed the 1024 bit moduli from /etc/ssh/moduli and restarted SSHD. Looks like everything should be good.
    0
  • cPanelMichael
    Hello, I'm glad to see it's now sorted. Thank you for sharing the outcome.
    0

Please sign in to leave a comment.