On Thu, Mar 21, 2013 at 7:53 AM, Anumeha Prasad anumeha.prasad@gmail.comwrote:
Hi,
I'm currently at CentOS 5.8. After some penetration testing, found some high severity OpenSSH issues which would require its upgrade. But till CentOS 5.9 the latest rpm available is openssh-4.3p2-82.el5 (which I'm currently using).
Why haven't you updated your entire set of packages to 5.9? Red Hat will (or maybe already has) release patched packages -- often times the patches are backported for the software versions RH supports. Meaning that just going by the version number of openssh may mislead you. When in doubt check the RH Bugzilla and CVE reports.
You could rebuild openssh from source, but moving to CentOS 6 is a better game plan.
Is it fine to upgrade to CentOS 6 rpms while I'm on CentOS 5?
See the information on the CentOS wiki (link below). http://wiki.centos.org/HowTos/MigrationGuide
I cannot speak for how well these migration steps work as I opt to do a fresh install and rsync the important data to the new install.
Thanks, Anumeha _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos