Re: Centos security update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 04/27/2015 04:09 AM, Venkateswara Rao Dokku wrote:
> Thanks for the replies. The tool that we used for testing the security
> vulnerability is "Nessus".
> 
> I have glibc version 2.17-78.el7, I saw that CVE-2015-0235 (Ghost) is fixed
> in this version and I want to apply patch for the vulnerbailities
> CVE-2015-1472 & CVE-2015-1473. Can you please help me in finding the right
> version that has fixes for these?
> 
> Thanks


I don't know how Nessus works, BUT it seems you need to load all the
CentOS Plugins to get it to understand the checks:

http://www.tenable.com/plugins/index.php?view=all&family=CentOS+Local+Security+Checks

I have NO IDEA if those are correct or how up2date they are, etc.  But
if you are not loading them, you have no chance of it understanding the
backporting that redhat does.

> 
> On Sat, Apr 25, 2015 at 1:05 AM, <m.roth@xxxxxxxxx> wrote:
> 
>> John R Pierce wrote:
>>> On 4/24/2015 12:14 PM, Alexander Dalloz wrote:
>>>> Am 24.04.2015 um 11:21 schrieb Venkateswara Rao Dokku:
>>>>> I was using CentOS 7 and when I ran some custom commercial security
>>>>> scan on
>>>>> my machine, I found about 122 vulnerabilities.
>>>>
>>>> That's why those scans are wasted money. From a security management
>>>> point of view they neither help you nor your manager.
>>>
>>> I call it 'security by bullet list'
>>
>> I would be more interested if the OP had mentioned *what* "custom
>> commercial security scan" tool they'd used.


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux