Hi Folks,

Greetings. I have got a list of 19 vulnerabilities in one of my server which needs to be patched. Kindly advice how can I go ahead with the same. Looking for an urgent solution.

OS Version: Red Hat Enterprise Linux Server release 6.8 (Santiago)
Kernel Version: 2.6.32-642.el6.x86_64

Regards,
RHADMN

a redhat certified engineer is asking this?

anyhow, if you don't show us the list, how could we possibly advise?

also, i'm sure a fellow LQ dweller will shortly be along and inform you of the commercial nature of redhat and your entitlement to support from them, not us.

2 members found this post helpful.

Hi Ondoho,

Opss !!! I did not mean the straight forward patching of the packages !!!

Here, please note that I do not have a subscription and I basically need an archive repo location from where we can download them. Tried to a good extend, but was not able to find an appropriate one. But I am sure someone would have already gone through my situation and have found a similar repo.

Also, just would like to avoid CentOS packages.

I will upload the vulnerability list shortly.

Is this RHEL stolen? Should the Police be called?
(I don't think LQ will provide a 'bootleg' repo!!!)

Since "urgent", Why didn't you post the full list info first time?

Yes, post the list, so people can advise. Best wishes.
https://www.open-scap.org/resources/...rhel-6-machine ?
https://www.stigviewer.com/stig/red_...rprise_linux_6 ?
wget https://www.cvedetails.com/vulnerabi...e-Linux-6.html | awk ...?

a very confusing post.
not sure i understand any of it.

maybe you should drop this questionable redhat installation and use centos instead.

1 members found this post helpful.

So what *DO* you mean when you said your server needed to be patched?
No need to upload a list, since (as someone with a 'certification' knows), the only way to get this done is to PAY FOR RHEL. That's it; you pay for support and access to the Red Hat network, which provides packages/updates. That's it.

You've been working with Linux for at least eight years now, and list your occupation as a "Senior Systems Administrator". So you should know to either pay for RHEL, or use something else.

BUY the required redhat support contract !!!

then it is very very very simple to update and install the security updates

and that is it

SIMPLE

But if the CEO has put solely $min before legal&sensible reasoning,
And thus their CISO just Googles 'RHEL security vunlerabilities'
And gives the first-hit to the SA to implement for $min,
Rather than searching for a quick-fix from an anon untrusted repo,
Explain that security involves all applications (think Equifax).
Or just say "No.", for moral&professional reasons.

The OP, who seemed to try to be nicely helpful here in 2009-10,
Returned a few hours after my harsh post, but not since, I just noticed.

Idk what to do/say about TheWorld's trend toward such $min 'reasoning'.