[CentOS] Is it fine to upgrade to Centos 6 rpms, being at centos 5.8

Eero Volotinen eero.volotinen at iki.fi
Thu Mar 21 12:44:19 UTC 2013


2013/3/21 Ron Colvin <ron at colvin-deweese.com>:
> Without going to 5.9 you will have unpatched vulnerabilities. With all the applicable patches for EL5 you should not have any vulnerabilities due to in-channel software from CentOS. That does not mean the vulnerability scanner won't find false positives, the key is to get the CVE number of the vulnerability and searching for how Red Hat responded to the vulnerability and whether you have the CentOS equivalent of that patch.
>
> Mobile
>
> On Mar 21, 2013, at 7:53 AM, Anumeha Prasad <anumeha.prasad at gmail.com> wrote:
>
>> Hi,
>>
>> I'm currently at CentOS 5.8. After some penetration testing, found some
>> high severity OpenSSH issues which would require its upgrade. But till
>> CentOS 5.9 the latest rpm available is openssh-4.3p2-82.el5 (which I'm
>> currently using).
>>
>> Is it fine to upgrade to CentOS 6 rpms while I'm on CentOS 5?

also rpm -q --changelog openssh-server might help for looking backported fixes.

--
Eero



More information about the CentOS mailing list