Upgrade some program, how to?


New Member
I've a VPS on KH and today I run a Vunerability scanner to check the security and found some risk issues:

The remote host is using a version of OpenSSL which is
older than 0.9.6m or 0.9.7d

Solution: Upgrade to version 0.9.6j (0.9.7b) or newer

The remote POP3 server might be vulnerable to a buffer overflow
bug when it is issued at least one of these commands, with a too long
argument :


If confirmed, this problem might allow an attacker to execute
arbitrary code on the remote system, thus giving him an interactive
session on this host.

Solution: If you do not use POP3, disable this service in /etc/inetd.conf
and restart the inetd process. Otherwise, upgrade to a newer version.

My question is: do you know how to upgrade these program? I'm just a beginer to Linux. And I use WHM/Cpanel.


Son Tran
ask knownhost support to upgrade it for you..they'll do it within minutes..thats what their semi-managed VPS philosophy covers.....
Regrading OpenSSL - this highly depends on how this scanner checked the OpenSSL version. CentOS is a recompilation of RedHat EL and RedHat doesn't upgrade actual software versions when they release OS updates but they backport security / stability patches to the application version which was originally released with initial OS release. This way they don't have to run lengthy and expensive QA tests and can release security updates rather quickly. You can see if you have any pending OS / OS application updates by running the following command inside your VPS:

yum check-update

As for pop3 server - honestly I don't believe current version of courier-imap which is shipped by cPanel is vulnerable to such an old buffer overflow bug.