On 21.03.2013 at 13:12, John R. Dennison <jrd at gerdesas.com> wrote:

> On Thu, Mar 21, 2013 at 05:23:50PM +0530, Anumeha Prasad wrote:
>> I'm currently at CentOS 5.8. After some penetration testing, found some
>> high severity OpenSSH issues which would require its upgrade. But till
>> CentOS 5.9 the latest rpm available is openssh-4.3p2-82.el5 (which I'm
>> currently using).
>
> Most "penetration testing" is done via lackadaisical auditors using
> automated tools that are pretty much completely worthless in the real
> world using Enterprise Linux as said tools are unaware of backporting
> policies. What "issues" were you informed of? They did provide you
> with CVE references?

For more info, check the openssh package deeper:

rpm -q --changelog openssh

or

rpm -q --changelog openssh | grep -i cve

--
LF
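The changelog check suggested above can be turned into a cross-check of a scanner's CVE list against the package changelog. This is an added example, not part of the original messages: the function names `check_cves` and `sample_changelog`, the changelog text and the CVE IDs are all constructed placeholders.

```shell
#!/bin/sh
# Added example: cross-check scanner-reported CVE IDs against an RPM changelog.
# On a real host, create the input with:  rpm -q --changelog openssh > changelog.txt

# Constructed sample changelog (placeholder IDs, not real openssh entries).
sample_changelog() {
cat <<'EOF'
* Mon Jan 01 2099 Constructed Packager <pkg@example.invalid> - 0.0p0-2
- fix CVE-2099-0001 - constructed entry for illustration
- resolve cve-2099-0002 (lowercase on purpose)
* Sun Dec 01 2098 Constructed Packager <pkg@example.invalid> - 0.0p0-1
- initial build
EOF
}

# check_cves CHANGELOG_FILE CVE-ID...
# Prints "<ID> backported" or "<ID> not-mentioned" for each ID.
# Returns 1 if at least one ID does not appear in the changelog.
check_cves() {
    changelog=$1
    shift
    missing=0
    for cve in "$@"; do
        # -F fixed string, -i ignore case, -w whole word so that a
        # shorter ID does not match as a prefix of a longer one.
        if grep -qiwF -- "$cve" "$changelog"; then
            echo "$cve backported"
        else
            echo "$cve not-mentioned"
            missing=1
        fi
    done
    return "$missing"
}

# Demo run over the constructed sample.
demo_file=$(mktemp)
sample_changelog > "$demo_file"
check_cves "$demo_file" CVE-2099-0001 CVE-2099-0002 CVE-2099-0003 \
    || echo "some reported IDs are not named in the changelog"
rm -f "$demo_file"
```

An ID marked `not-mentioned` only means the changelog does not name it; those are the IDs to take back to the auditor or look up with the distribution.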