[CentOS] Centos security update
Venkateswara Rao Dokku
dvrao.584 at gmail.com
Thu Apr 30 08:38:24 UTC 2015
Hi,
I have php 5.4.16 php in my centos 7 machine & when I searched over
internet I could see it is effected by some vulenrabilities. So I wanted to
upgrade my PHP to 5.6.x, but did not find procedure for it.
When I tried yum upgrade php, it says "no packages marked for update"
Can you please give me some pointers so that I can continue.
On Tue, Apr 28, 2015 at 2:11 AM, Johnny Hughes <johnny at centos.org> wrote:
> On 04/27/2015 04:09 AM, Venkateswara Rao Dokku wrote:
> > Thanks for the replies. The tool that we used for testing the security
> > vulnerability is "Nessus".
> >
> > I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is
> fixed
> > in this version and I want to apply patch for the vulnerbailities
> > CVE-2015-1472 & CVE-2015-1473. Can you please help me in finding the
> right
> > version that has fixes for these?
> >
> > Thanks
>
>
> I don't know how Nessus works, BUT it seems you need to load all the
> CentOS Plugins to get it to understand the checks:
>
>
> http://www.tenable.com/plugins/index.php?view=all&family=CentOS+Local+Security+Checks
>
> I have NO IDEA if those are correct or how up2date they are, etc. But
> if you are not loading them, you have no chance of it understanding the
> backporting that redhat does.
>
> >
> > On Sat, Apr 25, 2015 at 1:05 AM, <m.roth at 5-cent.us> wrote:
> >
> >> John R Pierce wrote:
> >>> On 4/24/2015 12:14 PM, Alexander Dalloz wrote:
> >>>> Am 24.04.2015 um 11:21 schrieb Venkateswara Rao Dokku:
> >>>>> I was using CentOS 7 and when I ran some custom commercial security
> >>>>> scan on
> >>>>> my machine, I found about 122 vulnerabilities.
> >>>>
> >>>> That's why those scans are wasted money. From a security management
> >>>> point of view they neither help you nor your manager.
> >>>
> >>> I call it 'security by bullet list'
> >>
> >> I would be more interested if the OP had mentioned *what* "custom
> >> commercial security scan" tool they'd used.
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
--
Thanks & Regards,
Venkateswara Rao Dokku.
More information about the CentOS
mailing list