Hey, thanks for the helpful info Bill... Honestly though, thanks to the other people who actually gave me some useful info. The choice of "Scanalert"'s (I'm going to use quotes where appropriate) scan is not my choice. Users like to see it, the boss likes to see it, that's what I have to go with; regardless of the quality of the scan itself. _I_ know that my site is well secured (I just wasn't aware of the backporting), but users like to see happy little images on websites. -Jesse Bill Campbell wrote: > On Fri, Oct 05, 2007, Ray Van Dolson wrote: >> On Fri, Oct 05, 2007 at 07:29:12PM -0400, Jesse Cantara wrote: >>> Hello, >>> >>> I am looking for some advice on a way to update some packages to newer >>> releases than are available in the standard CentOS repositories. >>> Specifically, I am trying to update apache and PHP to conform to >>> "Scanalert"'s "Hacker Safe" website security scan, and the required >>> versions do not exist in the CentOS repositories. I'm using CentOS 5. >> Are you sure there are actually issues with your versions of PHP? The >> upstream vendor backports security fixes: >> >> http://www.redhat.com/security/updates/backporting/ >> >> Security scanning tools often have no clue of this. > > You could have left off `` of this''. > > Several of the security scanning companies I've dealt with seem > to be seriously lacking in clues. > > Bill > -- > INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC > URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way > FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 > > Our Foreign dealings are an Open Book, generally a Check Book. > Will Rogers > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >