[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: need to update the following after security audit
- From: Beau Henderson <silentbob gmail com>
- To: taroon-list redhat com
- Subject: Re: need to update the following after security audit
- Date: Tue, 12 Apr 2005 18:52:28 +1000
Which version of RHEL and who or what gave you this information ?
Have you checked the redhat web site ? Have you been keeping your OS
up to date ?
I've had clients complain to me when they see the output of tools such
as rkhunter, etc. when they have reported old or outdated software
simply because of the versioning. Redhat do not always update the
software packages when initiating bug fixes, thus some programs may
appear to be out of date. This is a far to common misconception IMHO.
On Apr 12, 2005 6:46 PM, Jussi Silvennoinen
<jussi_taroon silvennoinen net> wrote:
>
> > Hi.. After the security audit, it is found that some
> > of the application in our RHEL box is old. May I know
> > how to upgrade them?? Do you need to download the RPM
> > on the net or I can just do a
> > up2date-upgrade-to-release version kind of things.???
> >
> >
> > OpenSSH 3.6.1p2 (protocol 2.0)
> >
> > Apache httpd 2.0.46 -need to upgrade to 2.0.5
> >
> > Squid webproxy 2.5.STABLE3- need to update the latest
> > patches
> >
> > Where to get those patches?
> >
> > MySQL 3.23.58- need to upgrade to version 4.0.21
> > Do we need to reconfigure the database after the
> > upgrade?
>
> Spank the auditer. Versionnumber is not sufficient information to
> determine is software safe or not. I guess this person/company has never
> heard of vendors backporting patches.
>
> --
>
> Jussi
>
> --
> Taroon-list mailing list
> Taroon-list redhat com
> http://www.redhat.com/mailman/listinfo/taroon-list
>
--
Beau Henderson
http://www.ImInteractive.net
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]