How do I verify a patch is applied?
From: Yong Huang (yong321_at_yahoo.com)
Date: 7 Jul 2003 13:55:14 -0700
Managers keep forwarding security alerts to us even though our Apache
is running inside the firewall (the same with Oracle listeners and
other products). So we apply the patch. But without knowing how the
security hole is exploited, we can only show managers the output of
httpd -v to prove our work. Are we supposed to have somebody really
check by trying to hack? Applying security patches becomes tedious
without knowing the exploit. But obviously we won't know it unless we
spend a lot of time on hackers' forums. What's common practice?