How do I scan for backported patches?
Several operating systems, Linux distributions in particular, keep shipping the same upstream version of a package throughout a release and fix security issues in it by patching that version rather than upgrading to a newer upstream release. Older releases that are still supported typically receive only these minor and critical fixes. The practice is known as backporting: the official upstream patch for an issue or vulnerability is applied to the older version the distribution ships, so the package is fixed even though its version number does not change.
For example, Apache2 on Debian 8 can receive a backported patch for a vulnerability while keeping its existing version number, whereas Apache2 on Debian 10 receives the newer upstream release in which the fix was made. A scanner that judges only by the reported version number would therefore flag the patched Debian 8 package as still vulnerable.
Security Center automatically takes backported patches into account during scanning and analysis for the most widely used software and operating systems that use this practice. The list of backported patch versions is maintained by Holm Security and is updated continuously as new backported patch versions are identified.
This feature is enabled by default for all scans performed through the platform and cannot be turned off.
When a backported version is identified, an info-level vulnerability is created with details on which software was affected and how the backported logic was applied to it.
For example, Apache2 version 2.1.32 could be remapped internally to version 2.1.99 by the backported logic so that it is no longer matched against vulnerabilities the backport already fixes, which would otherwise produce a false positive. The remap is visible in the info-level vulnerability, which you can find by searching for "backported". As a result, you might see version 2.1.99 listed for specific vulnerabilities; this comes from the backported logic and does not affect the results negatively.
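To make the remap concrete, the following Python example (added here; it is not Holm Security's scanner code) compares a naive version check with a backport-aware one. The only mapping taken from the article is Apache2 2.1.32 being treated as 2.1.99; the package version strings, the "fixed in" version and the table layout are constructed assumptions used to illustrate the logic.

```python
"""Backport-aware version matching: added example, not Holm Security's scanner code."""
import re
from typing import Dict, Tuple

# (distro, package, upstream version as shipped) -> effective upstream version.
# A real table is maintained per distribution release; this single entry mirrors
# the article's 2.1.32 -> 2.1.99 example and is otherwise hypothetical.
BACKPORT_TABLE: Dict[Tuple[str, str, str], str] = {
    ("debian", "apache2", "2.1.32"): "2.1.99",
}

_COMPONENT = re.compile(r"(\d+)([A-Za-z]*)")


def upstream_part(pkg_version: str) -> str:
    """Strip a Debian/RPM-style epoch ('1:') and distro revision ('-3+deb8u2')."""
    v = pkg_version.split(":", 1)[1] if ":" in pkg_version else pkg_version
    return v.split("-", 1)[0]


def parse_version(pkg_version: str) -> Tuple[Tuple[int, str], ...]:
    """Turn '2.1.32' or '1.0.1t' into a comparable tuple of (number, letter suffix)."""
    parts = []
    for comp in upstream_part(pkg_version).split("."):
        m = _COMPONENT.fullmatch(comp)
        if not m:
            raise ValueError(f"unparseable version component {comp!r} in {pkg_version!r}")
        parts.append((int(m.group(1)), m.group(2)))
    return tuple(parts)


def effective_version(distro: str, package: str, pkg_version: str) -> Tuple[str, bool]:
    """Return (version to match against, whether a backport remap was applied)."""
    shipped = upstream_part(pkg_version)
    remapped = BACKPORT_TABLE.get((distro.lower(), package.lower(), shipped))
    return (remapped, True) if remapped else (shipped, False)


def is_vulnerable(version: str, fixed_in: str) -> bool:
    """Naive version check: anything below the fix version is flagged."""
    return parse_version(version) < parse_version(fixed_in)


def assess(distro: str, package: str, pkg_version: str, fixed_in: str) -> dict:
    """Compare the naive verdict with the backport-aware verdict for one finding."""
    eff, remapped = effective_version(distro, package, pkg_version)
    naive = is_vulnerable(pkg_version, fixed_in)
    aware = is_vulnerable(eff, fixed_in)
    result = {
        "package": package,
        "shipped": upstream_part(pkg_version),
        "effective": eff,
        "fixed_in": fixed_in,
        "remapped": remapped,
        "naive_vulnerable": naive,
        "vulnerable": aware,
    }
    if remapped:
        # The kind of detail a scanner surfaces in its info-level "backported" finding.
        result["info"] = (f"{package} {result['shipped']} treated as {eff} "
                          f"(backported patch logic for {distro})")
    return result


if __name__ == "__main__":
    # Constructed inputs: a Debian host reporting apache2 1:2.1.32-3+deb8u2 (remapped)
    # and 2.1.20-1 (no table entry), checked against a hypothetical fix version 2.1.50.
    for ver in ("1:2.1.32-3+deb8u2", "2.1.20-1"):
        print(assess("debian", "apache2", ver, "2.1.50"))
```

For the remapped package the naive check reports a vulnerability while the backport-aware check does not, which is exactly the false positive the remap exists to suppress; for a version with no table entry both checks agree. To confirm a remap against a real host, read the distribution's own changelog for the package (for example `apt changelog apache2` on Debian or Ubuntu, or `rpm -q --changelog httpd` on RHEL-based systems), where backported security fixes are recorded by the maintainers.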
Examples of software receiving backported patches:
- Apache
- Apache Tomcat
- OpenSSH
- Sendmail
- Dropbear
- ProFTPD
- OpenSSL
- PHP
- ntpd
- PostgreSQL
- Python
- Sudo
- lighttpd
- IBM HTTP Server
- Oracle HTTP Server
- CPWS
Examples of operating systems using backported patches:
- Ubuntu
- RHEL
- CentOS
- Oracle Linux/Solaris
- SuSE
- openSuSE
- Mac OS X
- FreeBSD
- Fedora
- Mandriva
- Mageia
- EulerOS
- Slackware
- Debian
- Mac OS X Server
- Virtuozzo
- OpenVMS
- Amazon Linux
- Checkpoint IPSO OS
- ZyXEL
- QNX
- HP-UX
- SLES