updates not available?

[mneese]

my RKhunter root check gives me this warning:

arning: Application 'httpd', version '2.2.3', is out of date, and possibly a security risk.
Warning: Application 'named', version '9.3.6', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a security risk.

yet when I run "yum update" (after yum clean all) I get this:

Determining fastest mirrors
* atomic: www3.atomicorp.com
addons | 951 B 00:00
addons/primary | 203 B 00:00
asl-2.0 | 951 B 00:00
asl-2.0/primary | 42 kB 00:00
asl-2.0 130/130
atomic | 951 B 00:00
atomic/primary | 236 kB 00:00
atomic 709/709
base | 2.1 kB 00:00
base/primary_db | 2.0 MB 00:00
extras | 1.1 kB 00:00
extras/primary | 117 kB 00:00
extras 290/290
plesk | 951 B 00:00
plesk/primary | 78 kB 00:00
plesk 193/193
updates | 1.9 kB 00:00
updates/primary_db | 320 kB 00:00
Excluding Packages from Plesk Server Administrator
Finished
Setting up Update Process
No Packages marked for Update

Does the excluded "Excluding Packages from Plesk Server Administrator" affect my updates? If so, how do I get this included?

[mikeshinn]

rkhunter is paranoid. Its saying this could be an issue because it doesnt know for sure. Sometimes security fixes are backported:

http://www.redhat.com/security/updates/ ... c_cid=3093

Sometimes they are not. So rather than assume you are good to go, rkhunter is telling you that it knows that version has vulnerabilities - but it doesnt know if the fix has been backported or if the vulnerability really exists. In short, its giving you heads up that you should contact your OS vendor to find out if those versions have backported fixes.

also "yum update" may not cover all the releases. A security update may be a major rev - so you may have to do a "yum upgrade".

[scott]

Also make sure you arent excluding anything in your yum configs. You can override those with:

yum --disableexcludes=all upgrade