On 03/21/2013 06:53 AM, Anumeha Prasad wrote:
Hi,
I'm currently at CentOS 5.8. After some penetration testing, found some high severity OpenSSH issues which would require its upgrade. But till CentOS 5.9 the latest rpm available is openssh-4.3p2-82.el5 (which I'm currently using).
Is it fine to upgrade to CentOS 6 rpms while I'm on CentOS 5?
Others have already discussed backporting. Your scanner needs to understand RHEL backporting to give you correct results. See this link for an explanation of backporting:
https://access.redhat.com/security/updates/backporting/
And this one for a CVE database where you can verify false positives are actually fixed:
https://access.redhat.com/security/cve/
The answer to your other question is: No ...
Upgrading within a branch is simple, by design. CentOS-5 will get security updates until its EOL in 2017. You can upgrade any CentOS-5 machine to the latest updates with a simple "yum upgrade" command. Any security or other issues you think you have can be verified fixed from the CVE database link above.
But moving to CentOS-6 from CentOS-5 is not easy. The versions of many things are much higher in CentOS-6. You therefore need to save off your data, do a new install of CentOS-6, move your data back on and upgrade it to the newer software. Some things will upgrade easily (most httpd, ssh, etc.) ... some things will not convert easily (samba, ldap, php to name a few). Enterprise Linux upgrades between major versions (CentOS-5.x to CentOS-6.x) are complicated and need to be planned and tested very well; they cannot be done by just a simple command.
Thanks, Johnny Hughes
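
The backporting check described in the reply above, as an added example that is not part of the original message: it compares the CVE ids a scanner reports with the ids named in a package changelog, so version-based false positives stand out. The sample changelog, its CVE ids and the function names are constructed placeholders; `rpm -q --changelog` is the real query for live use.

```shell
#!/bin/sh
# Added example: triage scanner CVE findings against an RPM changelog.
# Constructed sample changelog; the CVE ids are placeholders, not real advisories.
SAMPLE_CHANGELOG='* Tue Jan 01 2013 Example Packager <pkg@example.invalid> - 0.0-2
- fix for CVE-0000-0001 (placeholder id)
- resolves: #000000

* Tue Jun 05 2012 Example Packager <pkg@example.invalid> - 0.0-1
- backport upstream patch, CVE-0000-0002 and CVE-0000-0001 follow-up'

# Print the unique CVE ids mentioned in changelog text read from stdin.
cves_in_changelog() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# triage CHANGELOG_TEXT CVE...
# For each reported CVE, print "<cve> backported" when the changelog names it,
# otherwise "<cve> check-cve-database" (absence from the changelog is not
# proof of exposure; confirm on the vendor CVE page).
triage() {
    changelog=$1
    shift
    fixed=$(printf '%s\n' "$changelog" | cves_in_changelog)
    for cve in "$@"; do
        if printf '%s\n' "$fixed" | grep -qxF -- "$cve"; then
            echo "$cve backported"
        else
            echo "$cve check-cve-database"
        fi
    done
}

# Live use on an RPM-based host (package name from the thread):
#   triage "$(rpm -q --changelog openssh)" CVE-XXXX-YYYY
# Demo on the constructed sample:
triage "$SAMPLE_CHANGELOG" CVE-0000-0001 CVE-0000-0003
```

Findings marked check-cve-database still need a lookup in the CVE database linked above, since not every fix is named in a changelog entry.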