Ubuntu PCI-DSS Compliance Issue

http://serverfault.com – I'm trying to get PCI compliant and the PCI scanning company is flagging our Ubuntu 12.04 PHP 5.3.10-1ubuntu3.9 for CVE-2013-1635. According to http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1635.html the Ubuntu response is "We do not support the use of open_basedir" and all versions have been marked as ignored. I'm at a loss for what to do here. I've pointed my scanning company to this same URL, but they don't accept that as an answer. What should I do? Update: I do not use this functionality and the open_basedir directive is disabled in php.ini. However, they do not cons (HowTos)