Hi,
My RKHunter daily scan has shown the following for several weeks.
Warning: Application 'httpd', version '2.4.6', is out of date, and possibly a security
risk.
Warning: Application 'openssl', version '1.0.1e', is out of date, and possibly a
security risk.I have not acted on it as I know yum is configured by Virtualmin and thought it would update but it has not.
Would this be something to be concerned about?
Thanks for any advice.
Regards
Philip
Howdy,
Well, Virtualmin doesn’t configure yum for you – your packages come from your distro, with the exception of the Virtualmin repository.
What distro/version are you using though?
It’s normal that distros ship software with one particular version, and then backport bugfixes and security updates into the version that they shipped.
So it’s not possible to determine if it’s up to date by looking at the package version… you’d need to just make sure that all the updates provided by your distro have been applied.
-Eric
Hi Eric,
Thanks for the quick reply and clarification. I did try yum update in SSH before posting my question. I am using CentOS Linux 7.1.1503. I don’t use any extra repositories.
Philip
Philip, not sure how that software is checking what is the last version for each OS but this is what comes with Centos 7: http://distrowatch.com/table.php?distribution=centos. Better to learn about OS you are using than rely on some software to tell you what you should update especially when it comes to Centos and his backport of all updates and security patches.
Hi Diabiclo,
Thanks for the links. I am not a Linux Geek but have spent 18 months learning how to run my own server and have learned a lot about Linux in this time. I rely on yum via SSH to update my packages like a lot of Linux users. I could use other repositories but have had problems in the past where newer versions conflict with Centos dependency packages so stopped using them.