Dear All I want to put my stuff on centos 6.3 but some colleagues warned that it is not wise to use it at now for some bugs reported. Can you please confirm if this is true and which vulnerability can be risked for ? Thank you
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/12/14 08:29, Hadi Motamedi wrote:> Dear All I want to put my stuff on centos 6.3 but some colleagues > warned that it is not wise to use it at now for some bugs reported. > Can you please confirm if this is true and which vulnerability can > be risked for ? Thank you<matrix mode>"There is no 6.3"</matrix mode> .. One thing you have to realize is that there is only CentOS 6, and minor releases that combine security/bugfixes at a "certain point in time". So take whatever CentOS 6.x distro, do a "yum update" on it and it will automatically jump to $actual_version (so 6.6+packages updated post 6.6 release) Of course, one can argue that he can just "stick" with a particular release (by modifying yum or even not running yum update at all) but then it's another game, as it means no security update[s] at all, with all the possible consequences .. - -- Fabian Arrotin The CentOS Project | http://www.centos.org gpg key: 56BEC54E | twitter: @arrfab -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlR9a4IACgkQnVkHo1a+xU6TgwCcCQ1RDLGS31pmmySDTtaIIH/J esgAnRPOgfloAuyZfvwGEA2SWylPGk5U =4DQK -----END PGP SIGNATURE-----
On 02/12/14 02:29 AM, Hadi Motamedi wrote:> Dear All > I want to put my stuff on centos 6.3 but some colleagues warned that > it is not wise to use it at now for some bugs reported. Can you please > confirm if this is true and which vulnerability can be risked for ? > Thank youThe heartbleed and shellshock bugs are worth upgrading for themselves. In any case, there really is no reason to stay on 6.3, it's quite old now. -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education?
On 12/02/2014 10:29 AM, Hadi Motamedi wrote:> Dear All > I want to put my stuff on centos 6.3 but some colleagues warned that > it is not wise to use it at now for some bugs reported. Can you please > confirm if this is true and which vulnerability can be risked for ? >It is generally unsafe to run a outdated operating system. Whatever it is. What are your constraints not to upgrade to the latests 6.6?
On 12/1/2014 11:29 PM, Hadi Motamedi wrote:> I want to put my stuff on centos 6.3 but some colleagues warned that > it is not wise to use it at now for some bugs reported. Can you please > confirm if this is true and which vulnerability can be risked for ?As the others said, the OS is "CentOS 6"... "6.3" was simply a snapshot of the updates as of July 2012. As soon as you update it with current fixes ('yum update') you'll be on the current point release, which is CentOS 6.6 at the moment. As has been pointed out several times here, you should NOT assume you can just install individual fixes such as the latest openssl for the heartbeat fixes, and so forth, as these have only been tested running with ALL the latest packages, not every conceivable combination of component versions over the past 4 years or so. -- john r pierce 37N 122W somewhere on the middle of the left coast
> > As has been pointed out several times here, you should NOT assume you > can just install individual fixes such as the latest openssl for the > heartbeat fixes, and so forth, as these have only been tested running > with ALL the latest packages, not every conceivable combination of > component versions over the past 4 years or so. > > > > > -- > john r pierce 37N 122W > somewhere on the middle of the left coast > > _______________________________________________Please let me to post my special thanks to you as your comments solved my problem. Thank you again for assigning your valuable time and experience .