On 21.03.2013 at 13:12, John R. Dennison jrd@gerdesas.com wrote:
On Thu, Mar 21, 2013 at 05:23:50PM +0530, Anumeha Prasad wrote:
I'm currently at CentOS 5.8. After some penetration testing, found some high severity OpenSSH issues which would require its upgrade. But till CentOS 5.9 the latest rpm available is openssh-4.3p2-82.el5 (which I'm currently using).
Most "penetration testing" is done via lackadaisical auditors using automated tools that are pretty much completely worthless in the real world using Enterprise Linux as said tools are unaware of backporting policies. What "issues" were you informed of? They did provide you with CVE references?
For more info, check the openssh package deeper:
rpm -q --changelog openssh
or
rpm -q --changelog openssh |grep -i cve
-- LF
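
An added example, not part of the original thread: a small shell helper that takes the CVE IDs listed in a scanner report and checks each one against the output of `rpm -q --changelog`, so backported fixes can be separated from findings that still need investigation. The function names and the CVE IDs (`CVE-0000-...`) are constructed placeholders, and the sample changelog is made up so the script runs without an RPM database.

```shell
#!/bin/sh
# Added example: triage scanner-reported CVE IDs against an RPM changelog.
# On a real host:  rpm -q --changelog openssh | classify_cves CVE-... CVE-...

# classify_cves CVE_ID...
# Reads changelog text on stdin and prints one line per ID:
#   "<id> backported"     the changelog mentions the ID
#   "<id> not-mentioned"  no changelog entry names the ID
classify_cves() {
    changelog=$(cat)            # read stdin once, reuse for every ID
    for cve in "$@"; do
        # -F: fixed string, -i: ignore case, -w: whole token only, so a
        # shorter ID never matches inside a longer one.
        if printf '%s\n' "$changelog" | grep -qiwF -- "$cve"; then
            echo "$cve backported"
        else
            echo "$cve not-mentioned"
        fi
    done
}

# Constructed sample input in the layout rpm prints (not real package data).
sample_changelog() {
    cat <<'EOF'
* Mon Jan 01 2001 Example Packager <packager@example.com> - 0.0p0-2
- fix placeholder issue in channel handling (CVE-0000-1111)

* Sun Dec 31 2000 Example Packager <packager@example.com> - 0.0p0-1
- backport upstream patch, cve-0000-2222
EOF
}

# Demo run: two IDs the sample changelog names, one it does not.
sample_changelog | classify_cves CVE-0000-1111 CVE-0000-2222 CVE-0000-9999
```

A `not-mentioned` result only means the changelog does not name the ID; the packaged version may never have been affected, so those IDs are the ones to look up in the vendor's security advisories.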