On 04/24/2015 04:21 AM, Venkateswara Rao Dokku wrote:
> Hi,
>
> I was using CentOS 7 and when I ran some custom commercial security scan on
> my machine, I found about 122 vulnerabilities.
>
> Can you help me on how to get security upgrades on top of my existing
> CentOS?

The short answer: 'yum update'

The long answer: nearly all commercial scanners test via version number, not actual vulnerabilities. You can take the list of 'vulnerable' packages and the related CVEs and 'rpm -q <package> --changelog | grep -i cve' to see that it's been addressed. Alternatively, upstream maintains a CVE database at https://access.redhat.com/security/cve/ where you can search the CVE and match related (or newer) versions.

I have a very long profanity-laden rant about commercial scanning software and practices that I'll spare folks from. TL;DR it's all terrible, and the vendors have little to no incentive for fixing it.

Note: we (CentOS) do not validate CVE closure separately. We rebuild source provided by RH, assuming that they have done the due diligence.

-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77
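The changelog check the reply describes, written out as a small POSIX shell script. This is an added example, not code from the thread or from the CentOS project. It takes the CVE IDs a scanner reports for a package and looks each one up in the package's RPM changelog, matching the whole CVE ID rather than the bare word "cve" so that one mention of a different CVE does not count as a fix. The changelog text embedded below is constructed for offline use; the package version and CVE numbers in it are placeholders and make no claim about any real package. The function names (`cve_addressed`, `check_cves`, `check_installed_package`) are this example's own. `check_installed_package` is the real-world entry point and needs `rpm` on the host; the other two run anywhere.

```shell
#!/bin/sh
# Added example (not from the original thread): check scanner-reported CVEs
# against an RPM changelog, as the reply suggests, instead of trusting a
# scanner's version-number match.

# Constructed sample, shaped like `rpm -q <package> --changelog` output.
# Version and CVE IDs are placeholders, not facts about any real package.
SAMPLE_CHANGELOG='* Tue Mar 10 2015 Example Maintainer <maint@example.com> - 1.0.1e-42.1
- fix CVE-2015-0001 (placeholder: buffer read past end of record)
- fix CVE-2015-0002 (placeholder: NULL dereference in parser)

* Mon Jan 05 2015 Example Maintainer <maint@example.com> - 1.0.1e-42
- rebase to upstream 1.0.1e
'

# cve_addressed CHANGELOG_TEXT CVE_ID
# Succeeds when the changelog names exactly that CVE. -F treats the ID as a
# fixed string (no regex dots), -w requires a whole-word match so that
# CVE-2015-000 does not match CVE-2015-0001, -i tolerates "cve-" lower case.
cve_addressed() {
    printf '%s\n' "$1" | grep -qiFw -- "$2"
}

# check_cves CHANGELOG_TEXT CVE...
# Prints one line per CVE and returns the number of CVEs NOT found, so the
# exit status is 0 only when every reported CVE is covered by the changelog.
check_cves() {
    changelog=$1
    shift
    missing=0
    for cve in "$@"; do
        if cve_addressed "$changelog" "$cve"; then
            printf '%s addressed\n' "$cve"
        else
            printf '%s NOT FOUND\n' "$cve"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# check_installed_package PACKAGE CVE...
# Real-world entry point: pulls the changelog of the installed package with
# rpm (only works on an RPM-based host) and hands it to check_cves.
# Usage: check_installed_package openssl CVE-2014-0160 CVE-2014-0224
check_installed_package() {
    pkg=$1
    shift
    check_cves "$(rpm -q "$pkg" --changelog 2>/dev/null)" "$@"
}
```

A CVE that is "NOT FOUND" is not proof the package is vulnerable: the fix may have landed under a different identifier, or the package may carry a newer version than the one the scanner keyed on. For those cases the upstream CVE database the reply points at is the place to confirm which package version actually closed the issue.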