Hi Team,

I am new to SUSE Linux and i got request that need to do remediation
vulnerabilities like (HTTPD,NTP etc)

i came to know that My SUSE Linux Enterprise Server 11 SP1 (x86_64) - Kernel

i want to upgrade the httpd. and ntpd(2.4.4 to latest) services , i have try below commands but could not.

zypper -update

zypper patch --cve=CVE-2013-5211

result:
Loading repository data...
Reading installed packages...
Fix for CVE issue number CVE-2013-5211 was not found or is not needed.
Resolving package dependencies...

Nothing to do.

Please suggest how to upgrade the services? or how to remediation
vulnerabilities?

Your post is confusing; if you got the job to perform these tasks, it's very odd you don't know how to perform them. Also, are there not any coworkers you can ask for assistance?? Be aware that none of us here are on your 'team', but will be glad to try to assist you.

You're using SuSE Enterprise...that is a commercial, pay-for distribution. Since that's the case, you are paying for support with SuSE...have you contacted them, or checked their knowledgebase? And based on what you posted, it would seem you have the latest versions already installed, so what are you actually trying to *FIX*??? Have you actually checked to see what versions of these programs you have installed currently?? Checked to see if there are any vulnerabilities in those versions?

What is your real goal here?

Thanks @TB0ne

I have checked that in linux box and its is old ntpd service is running i.e ntpd - NTP daemon program - Ver. 4.2.4p8

and vulnerability team suggest us to upgrade to new version to avoid the vulnerability so i have download latest one ntp-4.2.8p10

after download i have done below steps

tar xvfz ntp-4.2.8p4.tar.gz
cd ntp-4.2.8p4/
./configure
make
make install

but when i check the version its shown old version

linux-:~ # ntpd --version
ntpd - NTP daemon program - Ver. 4.2.4p8

can please suggest how to overridden old one here?

i hope your boss dose not read this site

basically the SAME way as you would on a windows server

i am guessing you never bothered to READ the "help" output nor anything other than "some page on the web"

that installed it to /usr/opt
that location is NOT used by SUSE by default

so now you have TWO versions of it installed
one in the default location /usr
and the other in /usr/opt

ALSO!!!!!!!!
you should be using "zypper" ( the PACKAGE MANAGER!!! ) to install software

Again I am asking you how you got this job, when it appears you lack the skills to do it, and am telling you to contact SuSE support with your paid-for SLES installation.

You tried to apply a security patch, and it told you that it wasn't needed...yet you are continuing. Why?? If you have a 'vulnerability team', then this 'team' should be well aware of the need to check the various distros websites, to see if this vulnerability even comes in to play. Did you try looking up that CVE number on the SLES site??? Since this is your job, I will leave it to you to go look it up...you may be interested in what you find.

And again, if you contacted SLES support you would get this same answer.

And running "make install" does absolutely NOTHING..unless you bothered to UNinstall the old version, stop the existing daemon, apply the old configuration to the NEW daemon, and start IT. You don't appear to have done any of that, and if you just ran "make install", you have now successfully removed your existing NTP configuration with a blank file, and when you try to restart, it won't work.