2013/3/21 Ron Colvin <r...@colvin-deweese.com>: > Without going to 5.9 you will have unpatched vulnerabilities. With all the > applicable patches for EL5 you should not have any vulnerabilities due to > in-channel software from CentOS. That does not mean the vulnerability scanner > won't find false positives, the key is to get the CVE number of the > vulnerability and searching for how Red Hat responded to the vulnerability > and whether you have the CentOS equivalent of that patch. > > Mobile > > On Mar 21, 2013, at 7:53 AM, Anumeha Prasad <anumeha.pra...@gmail.com> wrote: > >> Hi, >> >> I'm currently at CentOS 5.8. After some penetration testing, found some >> high severity OpenSSH issues which would require its upgrade. But till >> CentOS 5.9 the latest rpm available is openssh-4.3p2-82.el5 (which I'm >> currently using). >> >> Is it fine to upgrade to CentOS 6 rpms while I'm on CentOS 5?
also rpm -q --changelog openssh-server might help for looking backported fixes. -- Eero _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
