According to centos-announce there's been no updates for CentOS 4 i386/x86_64 since the seamonkey errata (CESA-2009:0325) on 2009-03-06. A quick rundown shows a rather worrying backlog of missing security updates, some more than a month old: 2009:0313 - Moderate: wireshark 2009:0333 - Moderate: libpng/libpng10 2009:0331 - Important: kernel 2009:0344 - Moderate: libsoup 2009:0354 - Moderate: evolution-data-server 2009:0355 - Moderate: evolution and evolution-data-server 2009:0341 - Moderate: curl 2009:0345 - Moderate: ghostscript (superceded by 2009:0420) 2009:0258 - Moderate: thunderbird 2009:0362 - Moderate: NetworkManager 2009:0373 - Moderate: systemtap 2009:0397 - Critical: firefox 2009:0398 - Critical: seamonkey 2009:0337 - Moderate: php 2009:0409 - Important: krb5 2009:0411 - Moderate: device-mapper-multipath 2009:0420 - Moderate: ghostscript Is there any work being done on these? -tgc