CentOS - Dec 2012 - yum --security not detecting security updates

Hello,

We are running CentOS 5.5 on a server that is not reporting any
security updates:
[root at server01 ~]# yum -y --security check-update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: bay.uchicago.edu
 * extras: bay.uchicago.edu
 * updates: mirror.nyi.net
Limiting package lists to security relevant ones
No packages needed, for security, 261 available

However, Nexpose, our vulnerability scanner detected otherwise. Upon
digging deeper, I noticed that we are on a kernel version that has a
known issue fixed in a later version:

[root at server01 ~]# rpm -q kernel
kernel-2.6.18-194.el5
kernel-2.6.18-194.8.1.el5

http://rhn.redhat.com/errata/RHSA-2010-0610.html
http://lists.centos.org/pipermail/centos-announce/2010-August/016890.html

I appreciate anyone's insight in helping me understand this a bit better.

Thanks!

On Tue, 18 Dec 2012 10:38:22 -0600
Terry wrote:
> Limiting package lists to security relevant ones
What does it tell you if you don't limit the package lists to security
relevant
ones?

The current version of Centos 5 is 5.8 and the kernel is 2.6.18-308.24.1.el5,
so you're rather behind the times.

-- 
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!

On Tue, Dec 18, 2012 at 8:38 AM, Terry <td3201 at gmail.com>
wrote:
> Hello,
>
> We are running CentOS 5.5 on a server that is not reporting any
> security updates:
> [root at server01 ~]# yum -y --security check-update
This feature (yum --security) has not been implemented and CentOS
developers are working on it. See the thread on the mailing list:

http://lists.centos.org/pipermail/centos-devel/2012-August/008675.html

the last post from Karanbir Singh was on Oct 3. Here is a partial quote:

    I've been testing the yum-security stuff at this end and still have a
    few issues to work out ( mostly involves reading AUP's and T&C's
from
    various places to make sure the metadata being consumed does not violate
    anything )

Hope this helps,

Akemi

Terry wrote:
> Hello,
>
> We are running CentOS 5.5 on a server that is not reporting any
> security updates:
<snip>
> However, Nexpose, our vulnerability scanner detected otherwise. Upon
> digging deeper, I noticed that we are on a kernel version that has a
> known issue fixed in a later version:
>
> [root at server01 ~]# rpm -q kernel
> kernel-2.6.18-194.el5
> kernel-2.6.18-194.8.1.el5
<snip>
As someone else just pointed out, current release is 5.8. For that matter,
and I'm just pulling this vaguely out of my memory, .el5 with no
sub-numbers suggests to me that this has *never* been updated since the
install/update to the initial 5.5. This is *NOT* a good idea. There have
been many security fixes since then.

    mark

On 12/18/2012 10:38 AM, Terry wrote:
> Hello,
>
> We are running CentOS 5.5 on a server that is not reporting any
> security updates:
> [root at server01 ~]# yum -y --security check-update
> Loaded plugins: fastestmirror, security
> Loading mirror speeds from cached hostfile
>  * base: bay.uchicago.edu
>  * extras: bay.uchicago.edu
>  * updates: mirror.nyi.net
> Limiting package lists to security relevant ones
> No packages needed, for security, 261 available
>
> However, Nexpose, our vulnerability scanner detected otherwise. Upon
> digging deeper, I noticed that we are on a kernel version that has a
> known issue fixed in a later version:
>
> [root at server01 ~]# rpm -q kernel
> kernel-2.6.18-194.el5
> kernel-2.6.18-194.8.1.el5
>
> http://rhn.redhat.com/errata/RHSA-2010-0610.html
> http://lists.centos.org/pipermail/centos-announce/2010-August/016890.html
>
> I appreciate anyone's insight in helping me understand this a bit
better.
The yum security plugin does not currently, nor has it ever, worked on
CentOS.

It is designed to work with RHN and RHEL and we have not been able to
make it work on CentOS.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20121218/5ba09209/attachment-0005.sig>