Hello,

We are running CentOS 5.5 on a server that is not reporting any security updates:

[root@server01 ~]# yum -y --security check-update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * base: bay.uchicago.edu
 * extras: bay.uchicago.edu
 * updates: mirror.nyi.net
Limiting package lists to security relevant ones
No packages needed, for security, 261 available

However, Nexpose, our vulnerability scanner, detected otherwise. Upon digging deeper, I noticed that we are on a kernel version that has a known issue fixed in a later version:

[root@server01 ~]# rpm -q kernel
kernel-2.6.18-194.el5
kernel-2.6.18-194.8.1.el5

http://rhn.redhat.com/errata/RHSA-2010-0610.html
http://lists.centos.org/pipermail/centos-announce/2010-August/016890.html

I appreciate anyone's insight in helping me understand this a bit better.

Thanks!
On Tue, 18 Dec 2012 10:38:22 -0600 Terry wrote:

> Limiting package lists to security relevant ones

What does it tell you if you don't limit the package lists to security relevant ones?

The current version of CentOS 5 is 5.8 and the kernel is 2.6.18-308.24.1.el5, so you're rather behind the times.

--
MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
www.creekfm.com - FIFTY THOUSAND WATTS of POW WOW POWER!
On Tue, Dec 18, 2012 at 8:38 AM, Terry <td3201 at gmail.com> wrote:

> Hello,
>
> We are running CentOS 5.5 on a server that is not reporting any
> security updates:
> [root@server01 ~]# yum -y --security check-update

This feature (yum --security) has not been implemented and CentOS developers are working on it. See the thread on the mailing list:

http://lists.centos.org/pipermail/centos-devel/2012-August/008675.html

The last post from Karanbir Singh was on Oct 3. Here is a partial quote:

  I've been testing the yum-security stuff at this end and still have a few issues to work out ( mostly involves reading AUP's and T&C's from various places to make sure the metadata being consumed does not violate anything )

Hope this helps,
Akemi
m.roth at 5-cent.us
2012-Dec-18 16:55 UTC
[CentOS] yum --security not detecting security updates
Terry wrote:

> Hello,
>
> We are running CentOS 5.5 on a server that is not reporting any
> security updates:
<snip>
> However, Nexpose, our vulnerability scanner detected otherwise. Upon
> digging deeper, I noticed that we are on a kernel version that has a
> known issue fixed in a later version:
>
> [root@server01 ~]# rpm -q kernel
> kernel-2.6.18-194.el5
> kernel-2.6.18-194.8.1.el5
<snip>

As someone else just pointed out, current release is 5.8. For that matter, and I'm just pulling this vaguely out of my memory, .el5 with no sub-numbers suggests to me that this has *never* been updated since the install/update to the initial 5.5.

This is *NOT* a good idea. There have been many security fixes since then.

mark
Johnny Hughes
2012-Dec-18 17:44 UTC
[CentOS] yum --security not detecting security updates
On 12/18/2012 10:38 AM, Terry wrote:

> Hello,
>
> We are running CentOS 5.5 on a server that is not reporting any
> security updates:
> [root@server01 ~]# yum -y --security check-update
> Loaded plugins: fastestmirror, security
> Loading mirror speeds from cached hostfile
>  * base: bay.uchicago.edu
>  * extras: bay.uchicago.edu
>  * updates: mirror.nyi.net
> Limiting package lists to security relevant ones
> No packages needed, for security, 261 available
>
> However, Nexpose, our vulnerability scanner detected otherwise. Upon
> digging deeper, I noticed that we are on a kernel version that has a
> known issue fixed in a later version:
>
> [root@server01 ~]# rpm -q kernel
> kernel-2.6.18-194.el5
> kernel-2.6.18-194.8.1.el5
>
> http://rhn.redhat.com/errata/RHSA-2010-0610.html
> http://lists.centos.org/pipermail/centos-announce/2010-August/016890.html
>
> I appreciate anyone's insight in helping me understand this a bit better.

The yum security plugin does not currently, nor has it ever, worked on CentOS. It is designed to work with RHN and RHEL and we have not been able to make it work on CentOS.
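
Because the replies above say `yum --security` cannot be relied on under CentOS, a direct version comparison answers the original question. The following is an added example, not part of the thread: it compares the `rpm -q kernel` output quoted above with the kernel version the first reply gives as current, using a simplified reimplementation of RPM's version ordering (epoch, tilde and caret handling are omitted; all function names are illustrative).

```python
import re
from functools import cmp_to_key

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified RPM segment ordering: returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # compare numbers as integers
        if x != y:
            return 1 if x > y else -1
    # all shared segments equal: the string with segments left over is newer
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvr(nvr):
    """'kernel-2.6.18-194.8.1.el5' -> ('kernel', '2.6.18', '194.8.1.el5')."""
    return tuple(nvr.rsplit("-", 2))

def nvr_cmp(a, b):
    """Compare two NVRs of the same package by version, then release."""
    (_, va, ra), (_, vb, rb) = split_nvr(a), split_nvr(b)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def newest(installed):
    """Kernels install side by side, so the highest NVR is what counts."""
    return max(installed, key=cmp_to_key(nvr_cmp))

def needs_update(installed, reference):
    """True if even the newest installed build is older than reference."""
    return nvr_cmp(newest(installed), reference) < 0

# Constructed input: the `rpm -q kernel` lines quoted in the thread.
INSTALLED = ["kernel-2.6.18-194.el5", "kernel-2.6.18-194.8.1.el5"]
# Kernel version the first reply gives as current for CentOS 5.
REFERENCE = "kernel-2.6.18-308.24.1.el5"

if __name__ == "__main__":
    print("newest installed:", newest(INSTALLED))
    print("behind", REFERENCE + ":", needs_update(INSTALLED, REFERENCE))
```

On a live host the installed list would come from `rpm -q kernel`, and the kernel actually running from `uname -r`.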