Hi, As others have pointed out, as long as you're patched up, the fixes are backported. Checkbox security is lame. I strongly recommend setting ServerToken ProductOnly See http://httpd.apache.org/docs/1.3/mod/core.html#servertokens for more. It's more secure, because a script kiddie looking in netcraft for attack vectors won't find your server because it's running some version of PHP. Plus, you'll pass the 'scamalert' scans :) On 10/5/07, Jesse Cantara <jesse_cantara at esupport.com> wrote: > > Hello, > > I am looking for some advice on a way to update some packages to newer > releases than are available in the standard CentOS repositories. > Specifically, I am trying to update apache and PHP to conform to > "Scanalert"'s "Hacker Safe" website security scan, and the required > versions do not exist in the CentOS repositories. I'm using CentOS 5. > > I wish to stay within the realm of yum, in order to avoid > RPM-dependency-heck which I have experienced before, trying to source > random third party RPMs that never work out properly. I also wish to > keep the system in a better state of maintenance by sticking to yum. > It's just more organized (and easier) and will help keep things up to > date in the future as well. > > Is there any other option than to go with a 3rd party repository to > hopefully find later versions of apache and PHP? Does anybody have a > recommended repository source? > > Thank you for any help and advice you can give, > -Jesse Cantara > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20071007/bd1de37e/attachment-0004.html>