LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 02-12-2011, 03:18 PM   #1
MisterTickle
LQ Newbie
 
Registered: Jan 2011
Posts: 19

Rep: Reputation: 0
Updating OpenSSH


My friend told me theirs an exploit with 4.3 of OpenSSH but, I can't seem to update it via Yum at all. Says its the latest version.

[root@server ~]# ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

Yet when I go o the site they have a latest update from February of 2011

Am I missing something? Do I need to update and how?
 
Old 02-12-2011, 03:50 PM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
RHEL backports security patches into their packages. If yum says there are no more updates, there are no more updates from RedHat, and you are probably safe. Get your friend to tell you WHICH exploit (by CVE number) then search on RHEL and that CVE number. I bet you will find a RedHat Security Advisory about it.
 
Old 02-12-2011, 04:03 PM   #3
MisterTickle
LQ Newbie
 
Registered: Jan 2011
Posts: 19

Original Poster
Rep: Reputation: 0
Well I am running Linux Centos so its all right than aswell?

I ran RKHunter and..

[00:04:05] Checking version of Apache [ Warning ]
[00:04:05] Warning: Application 'httpd', version '2.2.3', is out of date, and possibly a security risk.
[00:04:05] Checking version of Bind DNS [ OK ]
[00:04:05] Info: Application 'named' version '9.3.6-P1' found.
[00:04:05] Checking version of OpenSSL [ Warning ]
[00:04:05] Warning: Application 'openssl', version '0.9.8e', is out of date, and possibly a security risk.
[00:04:05] Info: Application 'php' not found.
[00:04:05] Checking version of Procmail MTA [ OK ]
[00:04:06] Info: Application 'procmail' version '3.22' found.
[00:04:06] Info: Application 'proftpd' not found.
[00:04:06] Checking version of OpenSSH [ Warning ]
[00:04:06] Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a security risk.
[00:04:06] Info: Applications checked: 6 out of 9

This is why I'm concerned as to why everything coming up as "out of date" and running on an older version

Last edited by MisterTickle; 02-12-2011 at 04:05 PM.
 
Old 02-12-2011, 06:01 PM   #4
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
Again, RHEL backports security patches, and rkhunter seems to only check the version string.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Why a Distro-Provided OpenSSH is Better than a Third-Party OpenSSH LXer Syndicated Linux News 0 02-02-2011 08:50 AM
Openssh mnardone Linux - Server 5 09-16-2009 10:39 AM
Updating VMWare After Updating CentOS Linux31 Red Hat 2 09-18-2007 03:49 PM
X by openSSH Grimmy Linux - Security 2 03-16-2003 09:43 AM
openSSH Niphargus Linux - Security 4 08-06-2002 09:46 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 04:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration