Hi, I have php 5.4.16 php in my centos 7 machine & when I searched over internet I could see it is effected by some vulenrabilities. So I wanted to upgrade my PHP to 5.6.x, but did not find procedure for it. When I tried yum upgrade php, it says "no packages marked for update" Can you please give me some pointers so that I can continue. On Tue, Apr 28, 2015 at 2:11 AM, Johnny Hughes <johnny at centos.org> wrote: > On 04/27/2015 04:09 AM, Venkateswara Rao Dokku wrote: > > Thanks for the replies. The tool that we used for testing the security > > vulnerability is "Nessus". > > > > I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is > fixed > > in this version and I want to apply patch for the vulnerbailities > > CVE-2015-1472 & CVE-2015-1473. Can you please help me in finding the > right > > version that has fixes for these? > > > > Thanks > > > I don't know how Nessus works, BUT it seems you need to load all the > CentOS Plugins to get it to understand the checks: > > > http://www.tenable.com/plugins/index.php?view=all&family=CentOS+Local+Security+Checks > > I have NO IDEA if those are correct or how up2date they are, etc. But > if you are not loading them, you have no chance of it understanding the > backporting that redhat does. > > > > > On Sat, Apr 25, 2015 at 1:05 AM, <m.roth at 5-cent.us> wrote: > > > >> John R Pierce wrote: > >>> On 4/24/2015 12:14 PM, Alexander Dalloz wrote: > >>>> Am 24.04.2015 um 11:21 schrieb Venkateswara Rao Dokku: > >>>>> I was using CentOS 7 and when I ran some custom commercial security > >>>>> scan on > >>>>> my machine, I found about 122 vulnerabilities. > >>>> > >>>> That's why those scans are wasted money. From a security management > >>>> point of view they neither help you nor your manager. > >>> > >>> I call it 'security by bullet list' > >> > >> I would be more interested if the OP had mentioned *what* "custom > >> commercial security scan" tool they'd used. > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Thanks & Regards, Venkateswara Rao Dokku.