On Fri, 12 Jan 2007, Akemi Yagi wrote:
I run CentOS4.4 386 on a server. The last update was 12/23/2006 like the original poster. The only package that came out after that date was openoffice as of 1/11/2007. There are a couple of new packages that were out yesterday, but things like firefox and thunderbird have not been updated since 12/23/2006.
Two approaches surface -- in looking at the 'server' related updates since late December, I really do not see any, nor, indeed, know of any from Centos' participation in the public and certain private vulnerability clearinghoues. No unpatched public vulnerabilities ** in a server context** have been patched in the last couple weeks.
I monitor the security reporting email address for the project as well, along with some other project members, and know of no public live *server* issues at the moment. [ security@centos.org ]
Alternatively, one can install something just patched, [say: xorg-x11-libs as it reasonably light as to packages it may pull in] and see if one gets the updated version:
[herrold@dhcp-69 ~]$ rpm -qi xorg-x11-libs Name : xorg-x11-libs Relocations: (not relocatable) Version : 6.8.2 Vendor: CentOS Release : 1.EL.13.37.5 Build Date: Thu 11 Jan 2007 11:58:49 PM EST Install Date: Fri 12 Jan 2007 10:24:32 AM EST Build Host: builder6.centos.org Group : System Environment/Libraries Source RPM: xorg-x11-6.8.2-1.EL.13.37.5.src.rpm Size : 6901938 License: MIT/X11, and others Signature : DSA/SHA1, Fri 12 Jan 2007 12:49:36 AM EST, Key ID a53d0bab443e1821 URL : http://xorg.freedesktop.org Summary : Shared libraries needed by the X Window System Description : This package contains the shared libraries required for running X applications.
If this is not observed, I would really have to suspect that you have a non-standard configuration, possibly provided by the bandwidth and hosting vendor you are using, which is pointing at non-stock update archives. This is commonly seen with some colo providers and their so-called 'CentOS' installations
To diagnose this, please run the following:
[herrold@dhcp-69 yum.repos.d]$ rpm -qf \ /etc/yum.repos.d/CentOS-Base.repo && md5sum \ /etc/yum.repos.d/CentOS-Base.repo && rpm -V centos-release centos-release-4-4.2 dcfda3e584bd570a7b820817e355d46d /etc/yum.repos.d/CentOS-Base.repo [herrold@dhcp-69 yum.repos.d]$
If your values do not match, there is a problem which your provider needs to address.
- Russ Herrold herrold@centos.org as well as herrold@owlriver.com