How to maintain PCI compliance on a LAMP server when repositories don't keep up with versions

Enterprise Linux distributions deal with this by backporting security fixes from the new version to the original version to which your distribution is locked. You install the updated system packages containing the backported security fixes, and note this in your report to the compliance vendor.

Each report you receive of a potential security vulnerability should include a CVE number. Look up this number in Ubuntu Security Notices (see also Red Hat CVE for RHEL/CentOS) to determine the updates that your system needs.
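A way to verify that the installed package already carries the backported fix for a given CVE, and to produce the line you record for the compliance vendor, as an added shell example that is not part of the answer above: the changelog text, package name, versions and CVE ids are constructed placeholders, and it assumes the standard Ubuntu tools `apt-get changelog`, `dpkg-query` and `dpkg --compare-versions` when run on a real host.

```shell
#!/bin/sh
# Added example (not part of the answer): confirm a backported CVE fix is present
# by reading the package's Debian changelog, then print the evidence line for the
# compliance report. Package, versions and CVE ids are constructed placeholders.
# Constructed changelog in Debian format, newest entry first. On a real host:
#   apt-get changelog php5    or    zcat /usr/share/doc/php5/changelog.Debian.gz
SAMPLE_CHANGELOG='php5 (5.3.10-1ubuntu3.5) precise-security; urgency=low

  * SECURITY UPDATE: example fix backported from a newer upstream release
    - CVE-2013-EXAMPLE2

 -- Example Maintainer <maint@example.invalid>  Wed, 02 Jan 2013 10:00:00 +0000

php5 (5.3.10-1ubuntu3.4) precise-security; urgency=low

  * SECURITY UPDATE: example fix
    - CVE-2012-EXAMPLE1

 -- Example Maintainer <maint@example.invalid>  Mon, 01 Oct 2012 10:00:00 +0000'

# Print the earliest version whose entry mentions the CVE (the release that first
# carried the backport). Entries are newest-first, so the last hit wins. Reads stdin.
fixing_version() {
  awk -v cve="$1" '
    /^[a-z0-9][a-z0-9.+-]* \(/ { v = $2; gsub(/[()]/, "", v) }
    index($0, cve) > 0         { found = v }
    END { if (found != "") print found }'
}
# $1 CVE id, $2 installed version (dpkg-query -W -f='${Version}' php5), $3 changelog
# text. Succeeds when the installed version is at or past the first fixed release.
installed_has_fix() {
  fix=$(printf '%s\n' "$3" | fixing_version "$1")
  [ -n "$fix" ] || return 1
  if command -v dpkg >/dev/null 2>&1; then
    dpkg --compare-versions "$2" ge "$fix"
  else
    [ "$(printf '%s\n%s\n' "$fix" "$2" | sort -V | head -n 1)" = "$fix" ]
  fi
}
# Evidence line for the compliance vendor; $4 is the package name.
# RHEL/CentOS equivalent of the lookup: rpm -q --changelog php | grep CVE-XXXX-YYYY
report_line() {
  if installed_has_fix "$1" "$2" "$3"; then
    printf '%s: fixed by backport in %s %s (installed: %s)\n' "$1" "$4" \
      "$(printf '%s\n' "$3" | fixing_version "$1")" "$2"
  else
    printf '%s: NOT covered by installed %s %s\n' "$1" "$4" "$2"
  fi
}
report_line CVE-2012-EXAMPLE1 5.3.10-1ubuntu3.5 "$SAMPLE_CHANGELOG" php5
```

The `sort -V` branch is only a fallback for hosts without dpkg; on Ubuntu the authoritative comparison is `dpkg --compare-versions`.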

As a side note, if you are running a PHP-based web site, you often want bug fix updates in addition to security fixes. The distros almost never distribute bug fix updates unless they cause crashes or security problems, and sometimes not even then. In this case it's often wiser to use a PPA that tracks your desired PHP version (e.g. 5.3 or 5.4) instead of the system packages.