[CentOS] Centos security update

Mon Apr 27 20:41:44 UTC 2015
Johnny Hughes <johnny at centos.org>

On 04/27/2015 04:09 AM, Venkateswara Rao Dokku wrote:
> Thanks for the replies. The tool that we used for testing the security
> vulnerability is "Nessus".
> 
> I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed
> in this version and I want to apply patch for the vulnerabilities
> CVE-2015-1472 & CVE-2015-1473. Can you please help me in finding the right
> version that has fixes for these?
> 
> Thanks


I don't know how Nessus works, BUT it seems you need to load all the
CentOS Plugins to get it to understand the checks:

http://www.tenable.com/plugins/index.php?view=all&family=CentOS+Local+Security+Checks

I have NO IDEA if those are correct or how up2date they are, etc.  But
if you are not loading them, you have no chance of it understanding the
backporting that redhat does.

> 
> On Sat, Apr 25, 2015 at 1:05 AM, <m.roth at 5-cent.us> wrote:
> 
>> John R Pierce wrote:
>>> On 4/24/2015 12:14 PM, Alexander Dalloz wrote:
>>>> On 24.04.2015 at 11:21, Venkateswara Rao Dokku wrote:
>>>>> I was using CentOS 7 and when I ran some custom commercial security
>>>>> scan on
>>>>> my machine, I found about 122 vulnerabilities.
>>>>
>>>> That's why those scans are wasted money. From a security management
>>>> point of view they neither help you nor your manager.
>>>
>>> I call it 'security by bullet list'
>>
>> I would be more interested if the OP had mentioned *what* "custom
>> commercial security scan" tool they'd used.

