php and apache updates

[gary_ford]

Hi - I need to update .php and apache.

php later than 5.2.13
apache later than 5.2.15

this is to plug some security risks raised by a penetration test.

please help. i have a fully paid for version.

[tonyyarusso]

php later than 5.2.13

The latest version of the standard PHP package provided by Red Hat is 5.1.6. However, they should be backporting individual security patches without applying the feature changes of later versions. Additionally, there is a 5.2 branch available from the IUS third-party repository, and as of the 5.6 release of the operating system there are some 5.3 packages included, but I'm not sure whether everything needed for XI is included or not. (It's a rather haphazard small set of modules that were updating, rather than a proper full repository rebuild.)

apache later than 5.2.15

This doesn't even exist. Perhaps you meant 2.2.15? Again, security patches should be individually backported by your operating system vendor.

[gary_ford]

i dont even know what the operating system vendor is, this is an appliance that I have bought from nagios that is getting flagged as being unsecure and needs vulnerabilities fixed. now as nagios supplied this appliance I need it fixing.

if i had bought an application then i would be updating the OS myself but i didnt i bought a complete package and need help from you..

[tonyyarusso]

Had you already run a 'yum update' on it when you conducted your scan?

[gary_ford]

no, i am not a linux admin. from reading it is some kind of update... is this likely to kill nagiosxi though?

[gary_ford]

i ran yum update and php is still dated november 2010!

[tonyyarusso]

29 November 2010 is both the date of the package and the date of the most recent security advisory affecting this package. Are you trying to say you have found and tested a security exploit that Red Hat is not aware of?