Minor question but: strange Security Update for PHP 7.4 on SLES 15 SP2
we use SLES 15 SP2 and 'zypper info php7' tells us it's up to date.
Repository : SLE-Module-Web-Scripting15-SP2-Updates
Name : php7
Version : 7.4.6-3.17.1
Status : up-to-date
We also know that a security patch (https://www.suse.com/de-de/security/cve/CVE-2021-21)
has been installed.
But a security scanner like Nessus tells us, there is a lower PHP version installed and obviously we are vulnerable.
So PHP 7.4.6 is running but we are encouraged to update at least to 7.4.11 which is not available.
I know that if a patch comes out by the PHP maintainers that it is not possible to quickly deploy the version number in a SUSE product.
But what's SUSE's view of this topic?
Why we should stick on version 7.4.6? Is the only chance to solve the minor incident to suppress the X-Powered-By Server flag or strip it down?
Thank you for reading