OpenSSL banner / PCI compliance

[ndial]

For my company's latest compliance audit, we had a vulnerability test run against our server. The test reports that we're running Openssl 0.9.7a and that there is a "High" security risk related to that.

From speaking to other cPanel users and reading the forums, I've learned that cPanel builds a "patched version" and that even though the hbanner says 0.9.7a, it's really got the fix for that vulnerability.

So ...
1) how can I know that for sure, besides taking peoples' word for it, and

2) Where is some documentation to back it up, suitable for presenting in an audit report?

3) if it happens to really be running an older, unpatched version of openSSL, is there ay way in cPanel to fix it?

[richy]

No, it's not cPanel, it's RedHat that "back ports" security patches.

[chirpy]

Indeed. You will find the relevant information over on redhat.com, though their site is a nightmare to navigate.